I have a form in one file "signin.php", and then all my backend is in "php/signin_back.php"
If i have a form
<form action="php/signin_back.php" method="post">
<input type="text"/>
<!-- more stuff !-->
</form>
When I log in, the form directs to php/signin_back.php to process all the good stuff, but it kind of lags so it goes to that page for like 1 second, meaning I'm able to read the url site. Whats a better way to do it so the user logging in doesn't see any URL backend information... Would it be better if I have all my backend mysql database stuff in the same file as my form?
Thanks
-
I usually have all the form stuff in the 1 file, then on success redirect to another page.bumperbox– bumperbox2012年10月13日 01:18:41 +00:00Commented Oct 13, 2012 at 1:18
4 Answers 4
<?php
if(isset($_POST) && !empty($_POST))
{
/* process stuff here */
}
?>
<!--
old page here
-->
how about something like this?
1 Comment
you can put it in the same file, or in your destination file.
or use jquery and post the info using ajax
Comments
If I understand you correctly, you're worried about user being able to see the url of the page processing the sign in because of security related reasons. This is a wrong approach.
Passing user to one page and then immediately redirecting to another page in a hope that all of this would happen so fast the user wouldn't be able to read the url is not a safety measure.
Simply, your job is to secure your script in a way, that it doesn't matter whether the user is able to see the url or not. They're able to see it anyway if they care to dig your source.
Comments
Post to the same page but use an included controller to process the $_POST if a post exists