Solved

PHP header() and hidden form fields

Posted on 2004-04-19
Last Modified: 2013-12-12
Hey guys.  My problem is as follows:

I have a simple registration page which presents the user with a login page.  The user will use a unique password in the login page then go to the registration page.  Once registration is filled out correctly they are sent to an optional survey page.  It is in that survey page that I am trying to invalidate the password.  The problem is that I cannot seem to pass the password variable forward ... according to some people in IRC, it is because of the use of my header redirect.  So I tried to pass the password through the header but I can't seem to get it to propagate to the 3rd page.  Could someone give me a way to pass the password variable forward?

To clarify:

login.php --> register.php --> survey.php (in survey.php the password used in login.php must be invalidated ... but I can't pass it)

Code for login.php: ********************************************************************************

<?
      include('./script/connect2invitedb.php');
    include('./script/startsession.php');

    if(isset($_POST['password']))
    {
        $query = 'select * from random where random_number = "'.$_POST['password'].'"';
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        if($row['used'] == "N")
        {
               //header("Location: /loggedin/test.php");
            header('Location: /loggedin/register.php?password='.$_POST['password']);
        }

             if($row['used'] == "Y")
          {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
              echo "Ticket Registration Code Already Verified"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
          }
        if(!($row))
        {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
            echo "Incorrect Ticket Registration Code"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
            }
    }
    else
    {?>
    <html>
     <head>
     <script language = "javascript">
     function focus(){
          login.password.focus();
     }
     </script>
      <title>Rigstar Movie Invitation - Login</title>
     </head>
      <body onLoad = "focus()">
        <center>
       <br><br><br><br><br><br><br><br><br>
       <img src = "./images/logo.jpg"><br>
        Please insert Ticket Registration Code<br><br>
       <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
        <input type = "text" name = "password" size = "5"><br><br>
        <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
        <input type = "submit" value = "Submit" name = "submit">
        <input type = "reset" value = "Clear">
       </form>
      </center>
     </body>
    </html>
    <?
    }
mysql_close();
?>

Code for register.php ********************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    if($_POST['submitted'])
    {
          $query = "insert into INFORMATION
                     (information_id, email, fname, lname, bus_add, mail_add1, mail_add2, city, province, postal_code, bus_phone)
                 VALUES (',','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[bus_add]','$_POST[mail_add1]','$_POST[mail_add2]','$_POST[city]','$_POST[province]','$_POST[postal_code]','$_POST[bus_phone]')";
          $result = mysql_query($query) or die(mysql_error());
            header('Location: /loggedin/survey.php?password='.$_POST['password']);
    }
?>
<html>

<head>
<title>Rigstar Movie Invitation - Registration</title>
<script language = "javascript" src ="../script/embed.js">
</script>
</head>

<body>
<p align="center">&nbsp;</p>
<div align="center">
  <center>
  <img src = "../images/logo.jpg" width="450" height="150">
  <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "information">
  <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
  <table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="53%" id="AutoNumber1">
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="center"><font color="#FFFFFF" face="Times New Roman">Please Enter the Following
Information to Register</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>email address: </b> </td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "email" size="33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>first name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "fname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>last name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "lname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business address:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_add" size = "33"></td size="20">
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>mailing address 1:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "mail_add1" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>mailing address 2:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "mail_add2" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>city:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "city" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>province:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "province" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>postal code:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "postal_code" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business phone number:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_phone" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="left">&nbsp;</td>
    </tr>
  </table>
  <br>
  <input type = "submit" name = "submitted" value = "Submit Registration" onClick = "return checkWholeForm()">&nbsp;<input type = "reset" value = "Clear">
  </form>
  <font color = "FF0000">* Denotes a Required Field
  </center>
</div>

</body>

</html>

Code for survey.php *******************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    // Mark the ticket registration code as used
    $insert = 'UPDATE random SET used = \'Y\' WHERE random_number = '.$_GET['password'];
    $inserted = mysql_query($insert) or die(mysql_error());
?>

The page can be viewed at http://jayce.kicks-ass.org ... password is 81012
Question by:llcooljayce
3 Comments
 
LVL 5

Accepted Solution

by:
TheClickMaster earned 1200 total points
ID: 10865213
The problem is that when you use header('Location: /loggedin/register.php?password='.$_POST['password']);
the variable is not $_POST but $_GET.  I would suggest the use of session variables; you seem to "start" a session but never use one.

In login.php Instead of

header('Location: /loggedin/register.php?password='.$_POST['password']);
(this is really not safe BTW passing the password through GET)

use

session_register(passwd);
$_SESSION['passwd'] = $_POST['password'];
header('Location: /loggedin/register.php');

In register.php  change

 <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">

To

 <input type = "hidden" name = "hpassword" value = "<?=$_SESSION['passwd']?>">

And change

header('Location: /loggedin/survey.php?password='.$_POST['password']);

To

header('Location: /loggedin/survey.php');


In survey.php instead of $_GET['password'] use $_SESSION['passwd']
0
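The session-based flow from the accepted answer, written out as an added example that is not part of the original thread and not the poster's code. It keeps the `random` table, its `random_number` and `used` columns, and the `passwd` session key from the page; the function names `accept_code` and `invalidate_code`, the use of PDO with an in-memory SQLite database, bound parameters in place of string concatenation, and the array standing in for `$_SESSION` are assumptions made so the block runs offline.

```php
<?php
// Added example. Table/column names and the 'passwd' key come from the page;
// PDO + SQLite and the function names are assumptions for illustration.

// login.php step: look the code up with a bound parameter and, if it is
// unused, keep it server-side instead of appending it to the redirect URL.
function accept_code(PDO $db, array &$session, string $code): bool
{
    $stmt = $db->prepare('SELECT used FROM random WHERE random_number = ?');
    $stmt->execute([$code]);
    $used = $stmt->fetchColumn();      // false when no row matches
    if ($used !== 'N') {
        return false;                  // unknown code, or already used
    }
    $session['passwd'] = $code;        // survives the header() redirects
    return true;                       // caller then sends Location: and exits
}

// survey.php step: invalidate the code held in the session, exactly once.
function invalidate_code(PDO $db, array &$session): bool
{
    if (!isset($session['passwd'])) {
        return false;                  // survey.php reached without a login
    }
    $stmt = $db->prepare(
        "UPDATE random SET used = 'Y' WHERE random_number = ? AND used = 'N'"
    );
    $stmt->execute([$session['passwd']]);
    unset($session['passwd']);         // the code is spent; drop it
    return $stmt->rowCount() === 1;    // true only if this call flipped N to Y
}

// Constructed demo data: in-memory table and an array in place of $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE random (random_number TEXT PRIMARY KEY, used TEXT NOT NULL)');
$db->exec("INSERT INTO random VALUES ('12345', 'N')");

$session = [];
var_dump(accept_code($db, $session, '12345'));   // constructed valid code
var_dump(invalidate_code($db, $session));        // survey.php marks it used
var_dump(accept_code($db, $session, '12345'));   // same code presented again
var_dump(accept_code($db, $session, '12"345'));  // constructed input containing a quote
```

In the real pages, `$session` is `$_SESSION` after `session_start()`, and each `header('Location: ...')` call is followed by `exit`.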
 
LVL 4

Author Comment

by:llcooljayce
ID: 10865374
Perfect answer ClickMaster!  Thanks!
0
 
LVL 5

Expert Comment

by:TheClickMaster
ID: 10865491
Glad I could help you! =)
0
