PHP - Submit a form inside a page included into another page

Question

I'm developing a web application with PHP. Currently, the structure of my project folder is this (quite simplified):

/myproject
        index.php
        head.php
        body.php
        footer.php
        css/
        js/
        src/
            common/
            security/
                  sessions.php
                  ..some others..
            main/
                  login.php
                  signup.php
                  ..some others..  
            conf/
                  ..some conf files..
            utils/
                  ..some utils files..
        app/
            ...the app itself here..
        accounts/
                 settings.php
                 changepasswd.php
                 ..some others files

The web view is developed following the all-in-one-page pattern, using FullPage.js as section explorer.

So, the index.php file serves the head the body and the footer (including the proper .php script). The login and the signup form are served (obviously) by login.php and signup.php respectively, using the AjaxForm plugin.

When the user logs in, the index.php render the head.php, the body.php and and the footer.php; each ones is coded to serve differents tabs/sections depending on whether $_SESSION['user_name'] exists or not.

Well..going straight to the problem: when the user is logged in, the Settings section appears. Inside of it, i put these lines:

require '../src/security/sessions.php';
SE_session_start(); // my personal function to start safe sessions

....some other code where i query the DB to know currents settings...

<ul class="alt" id="ul-settings">

...some others <li></li> with others forms and informations...

                <li>
                    <form> // i wrapped all into a form to avoid confution but i will not use it
                        <input type="checkbox" id="pr" onclick="DropDownPassReset('prDDM')" />
                        <label for="pr">Change password</label>
                    </form>
                    <div id="prDDM" style="display: none;">
                        <form method="post" action="accounts/passwdchange.php" id="passwdchange">
                            <input type="password" name="oldpasswd" placeholder="Old password..."/>
                            <input type="password" name="newpasswd" placeholder="New password..."/>
                            <input type="password" name="newpasswdr" placeholder="Enter new password agian..."/>
                            <button class="button special icon" onclick="changepasswd();">Process</button>                            
                        </form>
                    </div>
                </li>            
        </ul>

As you can understand: the first is there just for design purposes. When the user click on it, a javascript function makes the "Change Password" to be visible.

The problem: when i try to submit the form (still using ajaxForm, and that's not the problem because i got the same issue submitting as usual), no $_POST data is sent to the form-action script.

In "passwdchange.php" (which actually manages the password change), if i try to access to $_POST['oldpasswd'] or any of the other inputs, i get (from xdebug):

PHP Notice:  Undefined index: oldpasswd

What i've already tried:

• submit the form as usual (with an <input type="submit" />), without ajaxForm plugin.
• delete all the others forms and leave just this one.
• adding an <input type="submit" /> with "visibility:hidden" and submitting with ajaxForm.
• the 2nd and the 3rd ones combined

But still no luck.... :( I really don't know what is happening....

Thanks.

EDIT: this is the changepasswd() function:

function changepasswd() {
    $('#passwdchange').ajaxForm(function(response) {
        if (response != '') {
            cAlert.render(response);
        }
        $('#passwdchange').resetForm();
    });
}

ANOTHER EDIT (the last, i promise :) )

This is my .htaccess in root folder:

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

# To externally redirect /dir/foo.php to /dir/foo
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R,L,NC]

## To internally redirect /dir/foo to /dir/foo.php
RewriteCond %{REQUEST_FILENAME}.php -f [NC]
RewriteRule ^ %{REQUEST_URI}.php [L]

<Files *.php>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Files>

<Files index.php>
    Order Allow,Deny
    Allow from all
</Files>

<Files activation.php>
    Order Allow,Deny
    Allow from all
</Files>

Answer 1

Is there maybe an external redirect happening based on your .htaccess? If so, POST data will be lost, cause the browser will issue a GET request for the new location.

Based on your screenshot https://i.sstatic.net/XI6kI.png, that is exactly what’s happening:

The request for passwdchange.php is answered with a 302 status code, and the browser is told to request passwdchange instead – which it does via GET, so no POST data will exist when the PHP script is finally executed. See to it that your AJAX request gets send to passwdchange in the first place (or remove the automatic redirect for requests for files with the .php suffix to the suffix-less version – at least for this script, and any other that expect to receive POST data.)