Search code examples
phpsecurityencryptionphalcon

Can't read post data

PHP 7.0, Phalcon 3.4.1, Bootstrap 4.1.1, jQuery 3.3.1: I have a login view similar to this:

<form id="loginform" method="post" action="/login/in">
    <!--<div class="form-group">-->
        <input type="Login" class="form-control" id="Login" placeholder="Login">
    <!--</div>-->
    <div class="form-group">
        <input type="Password" class="form-control" id="Password" placeholder="Password">
    </div>
    <input type="hidden" name="{{ csrf_name }}" value="{{ csrf_value }}">
    <button id="submit" type="submit" class="btn btn-secondary">Login</button>
</form>

I want to be able to bind to the Windows Domain Controller (intranet), but when I submit the form, the post data is akin to this:

array(1) { ["cVlQeUd2QjdCTWtIWk9Td1pNTHh3UT09"]=> string(32) "Y01CR2VXRTU2WExEUW8xWDNVZFRBUT09" }

So, I want to preserve password security (ldap is the ldaps address), but I also need to pass real parameters to the ldap bind function because it does not work with the data above. any ideas would be greatly appreciated.

Solution

  • To elaborate on two of the comments: "id=..." works for nearly all page manipulation, but the good old classic "Form" submission still finds items in the form only by the name attribute "name=...", not id. Best practice in general is to always assign id for items that will be accessed or otherwise manipulated dynamically (ie: via the Javascript), and Also include name for form items that will be submitted.

    One more thing, there is a convention for name where you can use the same name on multiple items (such as multiple options of a select? I don't recall exactly where it's useful). When those items are submitted they arrive to the server as some sort of list/array contained under that single identifier. Such conventions do Not exist for id, it must be one item per id (as per one of the comments). 

    <form id="loginform" method="post" action="/login/in">
    <!--<div class="form-group">-->
        <input type="Login" class="form-control" id="Login" name="Login" placeholder="Login">
    <!--</div>-->
    <div class="form-group">
        <input type="Password" class="form-control" id="Password" name="Password" placeholder="Password">
    </div>
    <input type="hidden" name="{{ csrf_name }}" value="{{ csrf_value }}">
    <button id="submit" type="submit" class="btn btn-secondary">Login</button>
</form>