Solved

PHP header() and hiden form fields

Posted on 2004-04-19
3
559 Views
Last Modified: 2013-12-12
Hey guys.  My problem is as follows:

I have a simple registration page which presents the user with a login page.  The user will use a unique password in the login page then go to the registration page.  Once registation is filled out correctly they are sent to an optional survey page.  It is in that survey page that I am trying to invalidate the password.  The problem is that I cannot seem to pass the password variable forward ... according to some people in IRC, it is because of the use of my header redirect.  So I tried to pass the password through the header but I can't seem to get it to propigate to the 3rd page.  Could someone give me a way to pass the password variable forward?

To clarify:

login.php --> register.php --> survey.php (in survey.php the password used in login.php must be invalidated ... but I can't pass it)

Code for login.php: ********************************************************************************

<?
      include('./script/connect2invitedb.php');
    include('./script/startsession.php');

    if(isset($_POST['password']))
    {
        $query = 'select * from random where random_number = "'.$_POST['password'].'"';
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        if($row['used'] == "N")
        {
               //header("Location: /loggedin/test.php");
            header('Location: /loggedin/register.php?password='.$_POST['password']);
        }

             if($row['used'] == "Y")
          {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
              echo "Ticket Registration Code Already Verified"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
          }
        if(!($row))
        {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
            echo "Incorrect Ticket Registration Code"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ricket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
            }
    }
    else
    {?>
    <html>
     <head>
     <script language = "javascript">
     function focus(){
          login.password.focus();
     }
     </script>
      <title>Rigstar Movie Invitation - Login</title>
     </head>
      <body onLoad = "focus()">
        <center>
       <br><br><br><br><br><br><br><br><br>
       <img src = "./images/logo.jpg"><br>
        Please insert Ticket Registration Code<br><br>
       <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
        <input type = "text" name = "password" size = "5"><br><br>
        <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
        <input type = "submit" value = "Submit" name = "submit">
        <input type = "reset" value = "Clear">
       </form>
      </center>
     </body>
    </html>
    <?
    }
mysql_close();
?>

Code for register.php ********************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    if($_POST['submitted'])
    {
          $query = "insert into INFORMATION
                     (information_id, email, fname, lname, bus_add, mail_add1, mail_add2, city, province, postal_code, bus_phone)
                 VALUES (',','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[bus_add]','$_POST[mail_add1]','$_POST[mail_add2]','$_POST[city]','$_POST[province]','$_POST[postal_code]','$_POST[bus_phone]')";
          $result = mysql_query($query) or die(mysql_error());
            header('Location: /loggedin/survey.php?password='.$_POST['password']);
    }
?>
<html>

<head>
<title>Rigstar Movie Invitation - Registration</title>
<script language = "javascript" src ="../script/embed.js">
</script>
</head>

<body>
<p align="center">&nbsp;</p>
<div align="center">
  <center>
  <img src = "../images/logo.jpg" width="450" height="150">
  <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "information">
  <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
  <table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="53%" id="AutoNumber1">
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="center"><font color="#FFFFFF" face="Times New Roman">Please Enter the Following
Information to Register</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>email address: </b> </td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "email" size="33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>first name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "fname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>last name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "lname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business address:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_add" size = "33"></td size="20">
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>mailing address 1:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "mail_add1" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>mailing address 2:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "mail_add2" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>city:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "city" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>province:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "province" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>postal code:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "postal_code" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business phone number:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_phone" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="left">&nbsp;</td>
    </tr>
  </table>
  <br>
  <input type = "submit" name = "submitted" value = "Submit Registration" onClick = "return checkWholeForm()">&nbsp;<input type = "reset" value = "Clear">
  </form>
  <font color = "FF0000">* Denotes a Required Field
  </center>
</div>

</body>

</html>

Code for survey.php *******************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

         $insert = 'UPDATE random SET used`=\'Y\' WHERE random_number = '.$_GET['password'].'';
    $inserted = mysql_query($inserted) or die(mysql_error());
?>

The page can be viewed at http://jayce.kicks-ass.org ... password is 81012
0
Comment
Question by:llcooljayce
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
TheClickMaster earned 300 total points
ID: 10865213
The problem is. When you use header('Location: /loggedin/register.php?password='.$_POST['password']);
the variable is not $_POST but $_GET.  I would suggest the use of session variables you seem to "start" session but never use them.

In login.php Instead of

header('Location: /loggedin/register.php?password='.$_POST['password']);
(this is really not safe BTW passing the password through GET)

use

session_register(passwd);
$_SESSION['passwd'] = $_POST['password'];
header('Location: /loggedin/register.php');

In register.php  change

 <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">

To

 <input type = "hidden" name = "hpassword" value = "<? $_SESSION['passwd'] ?>">

And change

header('Location: /loggedin/survey.php?password='.$_POST['password']);

To

header('Location: /loggedin/survey.php');


In survey.php instead of $_GET['password'] use $_SESSION['passwd']
0
 
LVL 4

Author Comment

by:llcooljayce
ID: 10865374
Perfect answer ClickMaster!  Thanks!
0
 
LVL 5

Expert Comment

by:TheClickMaster
ID: 10865491
Glad I could help you! =)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question