caffeinehigh

Reputation: 309

PHP $_POST works but $_GET does not

I have a PHP script that takes a posted username and password and logs the user in to WordPress. If I create a simple form and post the values with the form, it works. However, if I put the values in the URL and use a GET, it does not. I see the data still echoes out, but the login does not work. Does anyone have any ideas?

So this works:

Form:

    <form action="/signon.php" method="post">
        <input type="text" id="email" name="email" class="form-control" placeholder="email" required autofocus>
        <input type="password" id="password" name="password" class="form-control" placeholder="password" required>

        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    </form>

Script

    <?php

    /**
     * Custom log in functionality
     */

    // Load WordPress
    if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php')) {
        require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');
    }

    // Both fields must be present in the request
    if (!isset($_POST["email"]) || !isset($_POST["password"])) {
        echo "no user or pass set";
        return;
    }

    // Look the user up by email address, or by login name if the value is not an email
    if (is_email($_POST['email'])) {
        $user = get_user_by('email', $_POST['email']);
        if (empty($user)) {
            echo "no user email set";
            //wp_redirect($_POST['_wp_http_referer']);
            exit;
        }
    } else {
        $user = get_user_by('login', $_POST['email']);
        if (empty($user)) {
            echo "no username set";
            //wp_redirect($_POST['_wp_http_referer']);
            exit;
        }
    }

    $user_admin_url = get_blogaddress_by_id($user->primary_blog) . 'wp-admin/';

    // Sign the user in with the submitted password
    $creds = array();
    $creds['user_login'] = $user->user_login;
    $creds['user_password'] = $_POST['password'];
    $creds['remember'] = true;
    $user = wp_signon($creds, false);
    if (is_wp_error($user)) {
        echo "login error";
        exit;
    }

    // Set the session cookie and send the user to their admin page
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID);
    wp_redirect($user_admin_url);
    exit;

    ?>

And this does not, if I put it in the browser bar and change the $_POST to $_GET:

urltoscript.com/[email protected]&password=123

script

    <?php

    /**
     * Custom log in functionality
     */

    // Load WordPress
    if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php')) {
        require_once($_SERVER['DOCUMENT_ROOT'] . '/wp-load.php');
    }

    // Both fields must be present in the query string
    if (!isset($_GET["email"]) || !isset($_GET["password"])) {
        echo "no user or pass set";
        return;
    }

    // Look the user up by email address, or by login name if the value is not an email
    if (is_email($_GET['email'])) {
        $user = get_user_by('email', $_GET['email']);
        if (empty($user)) {
            echo "no user email set";
            //wp_redirect($_GET['_wp_http_referer']);
            exit;
        }
    } else {
        $user = get_user_by('login', $_GET['email']);
        if (empty($user)) {
            echo "no username set";
            //wp_redirect($_GET['_wp_http_referer']);
            exit;
        }
    }

    $user_admin_url = get_blogaddress_by_id($user->primary_blog) . 'wp-admin/';

    // Sign the user in with the password taken from the query string
    $creds = array();
    $creds['user_login'] = $user->user_login;
    $creds['user_password'] = $_GET['password'];
    $creds['remember'] = true;
    $user = wp_signon($creds, false);
    if (is_wp_error($user)) {
        echo "login error";
        exit;
    }

    // Set the session cookie and send the user to their admin page
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID);
    wp_redirect($user_admin_url);
    exit;

    ?>

Upvotes: 0

Views: 129

Answers (1)

A Haworth

Reputation: 36426

@ is a reserved symbol, used to separate user info from host name in the authority component (the bit after the //) of a URL.

When you are typing in an email address as a parameter you need to use %40 instead of @.

This kind of substitution of reserved symbols is often seen when %20 is used instead of the space character.

Upvotes: 1
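
An added example (not part of the original answer) of the substitution described above: it builds the query string with PHP's `http_build_query()` so that `@` and the other reserved characters are percent-encoded, decodes it the way `$_GET` is populated, and compares that with the same values pasted in raw. The host `site.example` and the credentials are constructed sample values.

```php
<?php
// Added example; all values below are constructed sample data.
$params = [
    'email'    => 'user@example.com',
    'password' => 'pa+ss&word#1',   // contains '+', '&' and '#'
];

// http_build_query() percent-encodes reserved characters in every value.
// PHP_QUERY_RFC3986 selects RFC 3986 encoding (a space would become %20, not '+').
$encoded = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
echo 'https://site.example/signon.php?' . $encoded, PHP_EOL;

// parse_str() decodes a query string with the same rules PHP uses for $_GET,
// so the encoded form round-trips to exactly the values we started with.
parse_str($encoded, $decoded);
echo 'encoded round trip intact: ';
var_dump($decoded === $params);

// The same values pasted in without encoding. '#' starts the URL fragment,
// which a browser does not send, so only the part before it reaches PHP.
$rawQuery = 'email=' . $params['email'] . '&password=' . $params['password'];
$sent = explode('#', $rawQuery, 2)[0];

// In the raw form '+' is decoded as a space and '&' starts a new parameter,
// so the password that arrives is no longer the one that was typed.
parse_str($sent, $raw);
echo 'raw round trip intact: ';
var_dump($raw === $params);
var_dump($raw);
```

Values sent with GET are also written to browser history and server access logs, so the POST form from the question remains the safer transport for a password.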
