Solved

PHP header() and hiden form fields

Posted on 2004-04-19
3
555 Views
Last Modified: 2013-12-12
Hey guys.  My problem is as follows:

I have a simple registration page which presents the user with a login page.  The user will use a unique password in the login page then go to the registration page.  Once registation is filled out correctly they are sent to an optional survey page.  It is in that survey page that I am trying to invalidate the password.  The problem is that I cannot seem to pass the password variable forward ... according to some people in IRC, it is because of the use of my header redirect.  So I tried to pass the password through the header but I can't seem to get it to propigate to the 3rd page.  Could someone give me a way to pass the password variable forward?

To clarify:

login.php --> register.php --> survey.php (in survey.php the password used in login.php must be invalidated ... but I can't pass it)

Code for login.php: ********************************************************************************

<?
      include('./script/connect2invitedb.php');
    include('./script/startsession.php');

    if(isset($_POST['password']))
    {
        $query = 'select * from random where random_number = "'.$_POST['password'].'"';
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        if($row['used'] == "N")
        {
               //header("Location: /loggedin/test.php");
            header('Location: /loggedin/register.php?password='.$_POST['password']);
        }

             if($row['used'] == "Y")
          {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
              echo "Ticket Registration Code Already Verified"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
          }
        if(!($row))
        {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
            echo "Incorrect Ticket Registration Code"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ricket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
            }
    }
    else
    {?>
    <html>
     <head>
     <script language = "javascript">
     function focus(){
          login.password.focus();
     }
     </script>
      <title>Rigstar Movie Invitation - Login</title>
     </head>
      <body onLoad = "focus()">
        <center>
       <br><br><br><br><br><br><br><br><br>
       <img src = "./images/logo.jpg"><br>
        Please insert Ticket Registration Code<br><br>
       <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
        <input type = "text" name = "password" size = "5"><br><br>
        <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
        <input type = "submit" value = "Submit" name = "submit">
        <input type = "reset" value = "Clear">
       </form>
      </center>
     </body>
    </html>
    <?
    }
mysql_close();
?>

Code for register.php ********************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    if($_POST['submitted'])
    {
          $query = "insert into INFORMATION
                     (information_id, email, fname, lname, bus_add, mail_add1, mail_add2, city, province, postal_code, bus_phone)
                 VALUES (',','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[bus_add]','$_POST[mail_add1]','$_POST[mail_add2]','$_POST[city]','$_POST[province]','$_POST[postal_code]','$_POST[bus_phone]')";
          $result = mysql_query($query) or die(mysql_error());
            header('Location: /loggedin/survey.php?password='.$_POST['password']);
    }
?>
<html>

<head>
<title>Rigstar Movie Invitation - Registration</title>
<script language = "javascript" src ="../script/embed.js">
</script>
</head>

<body>
<p align="center">&nbsp;</p>
<div align="center">
  <center>
  <img src = "../images/logo.jpg" width="450" height="150">
  <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "information">
  <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
  <table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="53%" id="AutoNumber1">
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="center"><font color="#FFFFFF" face="Times New Roman">Please Enter the Following
Information to Register</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>email address: </b> </td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "email" size="33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>first name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "fname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>last name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "lname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business address:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_add" size = "33"></td size="20">
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>mailing address 1:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "mail_add1" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>mailing address 2:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "mail_add2" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>city:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "city" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>province:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "province" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>postal code:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "postal_code" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business phone number:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_phone" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="left">&nbsp;</td>
    </tr>
  </table>
  <br>
  <input type = "submit" name = "submitted" value = "Submit Registration" onClick = "return checkWholeForm()">&nbsp;<input type = "reset" value = "Clear">
  </form>
  <font color = "FF0000">* Denotes a Required Field
  </center>
</div>

</body>

</html>

Code for survey.php *******************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

         $insert = 'UPDATE random SET used`=\'Y\' WHERE random_number = '.$_GET['password'].'';
    $inserted = mysql_query($inserted) or die(mysql_error());
?>

The page can be viewed at http://jayce.kicks-ass.org ... password is 81012
0
Comment
Question by:llcooljayce
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
TheClickMaster earned 300 total points
Comment Utility
The problem is. When you use header('Location: /loggedin/register.php?password='.$_POST['password']);
the variable is not $_POST but $_GET.  I would suggest the use of session variables you seem to "start" session but never use them.

In login.php Instead of

header('Location: /loggedin/register.php?password='.$_POST['password']);
(this is really not safe BTW passing the password through GET)

use

session_register(passwd);
$_SESSION['passwd'] = $_POST['password'];
header('Location: /loggedin/register.php');

In register.php  change

 <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">

To

 <input type = "hidden" name = "hpassword" value = "<? $_SESSION['passwd'] ?>">

And change

header('Location: /loggedin/survey.php?password='.$_POST['password']);

To

header('Location: /loggedin/survey.php');


In survey.php instead of $_GET['password'] use $_SESSION['passwd']
0
 
LVL 4

Author Comment

by:llcooljayce
Comment Utility
Perfect answer ClickMaster!  Thanks!
0
 
LVL 5

Expert Comment

by:TheClickMaster
Comment Utility
Glad I could help you! =)
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now