Solved

PHP header() and hiden form fields

Posted on 2004-04-19
3
563 Views
Last Modified: 2013-12-12
Hey guys.  My problem is as follows:

I have a simple registration page which presents the user with a login page.  The user will use a unique password in the login page then go to the registration page.  Once registation is filled out correctly they are sent to an optional survey page.  It is in that survey page that I am trying to invalidate the password.  The problem is that I cannot seem to pass the password variable forward ... according to some people in IRC, it is because of the use of my header redirect.  So I tried to pass the password through the header but I can't seem to get it to propigate to the 3rd page.  Could someone give me a way to pass the password variable forward?

To clarify:

login.php --> register.php --> survey.php (in survey.php the password used in login.php must be invalidated ... but I can't pass it)

Code for login.php: ********************************************************************************

<?
      include('./script/connect2invitedb.php');
    include('./script/startsession.php');

    if(isset($_POST['password']))
    {
        $query = 'select * from random where random_number = "'.$_POST['password'].'"';
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        if($row['used'] == "N")
        {
               //header("Location: /loggedin/test.php");
            header('Location: /loggedin/register.php?password='.$_POST['password']);
        }

             if($row['used'] == "Y")
          {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
              echo "Ticket Registration Code Already Verified"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
          }
        if(!($row))
        {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
            echo "Incorrect Ticket Registration Code"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ricket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
            }
    }
    else
    {?>
    <html>
     <head>
     <script language = "javascript">
     function focus(){
          login.password.focus();
     }
     </script>
      <title>Rigstar Movie Invitation - Login</title>
     </head>
      <body onLoad = "focus()">
        <center>
       <br><br><br><br><br><br><br><br><br>
       <img src = "./images/logo.jpg"><br>
        Please insert Ticket Registration Code<br><br>
       <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
        <input type = "text" name = "password" size = "5"><br><br>
        <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
        <input type = "submit" value = "Submit" name = "submit">
        <input type = "reset" value = "Clear">
       </form>
      </center>
     </body>
    </html>
    <?
    }
mysql_close();
?>

Code for register.php ********************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    if($_POST['submitted'])
    {
          $query = "insert into INFORMATION
                     (information_id, email, fname, lname, bus_add, mail_add1, mail_add2, city, province, postal_code, bus_phone)
                 VALUES (',','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[bus_add]','$_POST[mail_add1]','$_POST[mail_add2]','$_POST[city]','$_POST[province]','$_POST[postal_code]','$_POST[bus_phone]')";
          $result = mysql_query($query) or die(mysql_error());
            header('Location: /loggedin/survey.php?password='.$_POST['password']);
    }
?>
<html>

<head>
<title>Rigstar Movie Invitation - Registration</title>
<script language = "javascript" src ="../script/embed.js">
</script>
</head>

<body>
<p align="center">&nbsp;</p>
<div align="center">
  <center>
  <img src = "../images/logo.jpg" width="450" height="150">
  <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "information">
  <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
  <table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="53%" id="AutoNumber1">
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="center"><font color="#FFFFFF" face="Times New Roman">Please Enter the Following
Information to Register</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>email address: </b> </td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "email" size="33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>first name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "fname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>last name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "lname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business address:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_add" size = "33"></td size="20">
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>mailing address 1:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "mail_add1" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>mailing address 2:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "mail_add2" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>city:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "city" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>province:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "province" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>postal code:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "postal_code" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business phone number:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_phone" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="left">&nbsp;</td>
    </tr>
  </table>
  <br>
  <input type = "submit" name = "submitted" value = "Submit Registration" onClick = "return checkWholeForm()">&nbsp;<input type = "reset" value = "Clear">
  </form>
  <font color = "FF0000">* Denotes a Required Field
  </center>
</div>

</body>

</html>

Code for survey.php *******************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

         $insert = 'UPDATE random SET used`=\'Y\' WHERE random_number = '.$_GET['password'].'';
    $inserted = mysql_query($inserted) or die(mysql_error());
?>

The page can be viewed at http://jayce.kicks-ass.org ... password is 81012
0
Comment
Question by:llcooljayce
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
TheClickMaster earned 300 total points
ID: 10865213
The problem is. When you use header('Location: /loggedin/register.php?password='.$_POST['password']);
the variable is not $_POST but $_GET.  I would suggest the use of session variables you seem to "start" session but never use them.

In login.php Instead of

header('Location: /loggedin/register.php?password='.$_POST['password']);
(this is really not safe BTW passing the password through GET)

use

session_register(passwd);
$_SESSION['passwd'] = $_POST['password'];
header('Location: /loggedin/register.php');

In register.php  change

 <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">

To

 <input type = "hidden" name = "hpassword" value = "<? $_SESSION['passwd'] ?>">

And change

header('Location: /loggedin/survey.php?password='.$_POST['password']);

To

header('Location: /loggedin/survey.php');


In survey.php instead of $_GET['password'] use $_SESSION['passwd']
0
 
LVL 4

Author Comment

by:llcooljayce
ID: 10865374
Perfect answer ClickMaster!  Thanks!
0
 
LVL 5

Expert Comment

by:TheClickMaster
ID: 10865491
Glad I could help you! =)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
This article discusses how to implement server side field validation and display customized error messages to the client.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question