Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

PHP header() and hiden form fields

Posted on 2004-04-19
3
558 Views
Last Modified: 2013-12-12
Hey guys.  My problem is as follows:

I have a simple registration page which presents the user with a login page.  The user will use a unique password in the login page then go to the registration page.  Once registation is filled out correctly they are sent to an optional survey page.  It is in that survey page that I am trying to invalidate the password.  The problem is that I cannot seem to pass the password variable forward ... according to some people in IRC, it is because of the use of my header redirect.  So I tried to pass the password through the header but I can't seem to get it to propigate to the 3rd page.  Could someone give me a way to pass the password variable forward?

To clarify:

login.php --> register.php --> survey.php (in survey.php the password used in login.php must be invalidated ... but I can't pass it)

Code for login.php: ********************************************************************************

<?
      include('./script/connect2invitedb.php');
    include('./script/startsession.php');

    if(isset($_POST['password']))
    {
        $query = 'select * from random where random_number = "'.$_POST['password'].'"';
        $result = mysql_query($query) or die(mysql_error());
        $row = mysql_fetch_array($result, MYSQL_BOTH);

        if($row['used'] == "N")
        {
               //header("Location: /loggedin/test.php");
            header('Location: /loggedin/register.php?password='.$_POST['password']);
        }

             if($row['used'] == "Y")
          {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
              echo "Ticket Registration Code Already Verified"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ticket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
          }
        if(!($row))
        {
              echo "<br><br><br><br><br><br><br><br>";
              echo "<b><center><font color = 'red' size = '+2'>";
            echo "Incorrect Ticket Registration Code"."</font></center></b>";
        ?>
            <html>
                 <head>
                   <script language = "javascript">
                   function focus(){
                      login.password.focus();
                   }
                   </script>
                    <title>Rigstar Movie Invitation - Login</title>
                   </head>
                    <body onLoad = "focus()">
                    <center>
                     <img src = "./images/logo.jpg"><br>
                      Please insert Ricket Registration Code<br><br>
                     <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
                      <input type = "text" name = "password" size = "5"><br><br>
                    <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
                      <input type = "submit" value = "Submit" name = "submit">
                      <input type = "reset" value = "Clear">
                     </form>
                    </center>
                   </body>
                  </html>
          <?
            }
    }
    else
    {?>
    <html>
     <head>
     <script language = "javascript">
     function focus(){
          login.password.focus();
     }
     </script>
      <title>Rigstar Movie Invitation - Login</title>
     </head>
      <body onLoad = "focus()">
        <center>
       <br><br><br><br><br><br><br><br><br>
       <img src = "./images/logo.jpg"><br>
        Please insert Ticket Registration Code<br><br>
       <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "login">
        <input type = "text" name = "password" size = "5"><br><br>
        <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
        <input type = "submit" value = "Submit" name = "submit">
        <input type = "reset" value = "Clear">
       </form>
      </center>
     </body>
    </html>
    <?
    }
mysql_close();
?>

Code for register.php ********************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

    if($_POST['submitted'])
    {
          $query = "insert into INFORMATION
                     (information_id, email, fname, lname, bus_add, mail_add1, mail_add2, city, province, postal_code, bus_phone)
                 VALUES (',','$_POST[email]','$_POST[fname]','$_POST[lname]','$_POST[bus_add]','$_POST[mail_add1]','$_POST[mail_add2]','$_POST[city]','$_POST[province]','$_POST[postal_code]','$_POST[bus_phone]')";
          $result = mysql_query($query) or die(mysql_error());
            header('Location: /loggedin/survey.php?password='.$_POST['password']);
    }
?>
<html>

<head>
<title>Rigstar Movie Invitation - Registration</title>
<script language = "javascript" src ="../script/embed.js">
</script>
</head>

<body>
<p align="center">&nbsp;</p>
<div align="center">
  <center>
  <img src = "../images/logo.jpg" width="450" height="150">
  <form action = "<? echo $_SERVER['PHP_SELF']?>" method = "POST" name = "information">
  <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">
  <table border="0" cellpadding="2" style="border-collapse: collapse" bordercolor="#111111" width="53%" id="AutoNumber1">
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="center"><font color="#FFFFFF" face="Times New Roman">Please Enter the Following
Information to Register</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>email address: </b> </td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "email" size="33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>first name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "fname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>last name:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "lname" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business address:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_add" size = "33"></td size="20">
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>mailing address 1:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "mail_add1" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>mailing address 2:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "mail_add2" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>city:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "city" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>province:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "province" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#C0C0C0" style="border-right-style: none; border-right-width: medium">
      <b>postal code:</b></td>
      <td width="53%" bgcolor="#C0C0C0" align="center" style="border-style: none; border-width: medium">
      <input type = "text" name = "postal_code" size = "33"></td>
      <td width="77%" align="center" bgcolor="#C0C0C0" style="border-left-style: none; border-left-width: medium">
      <font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="39%" align="right" bgcolor="#FFFFFF" style="border-right-style: none; border-right-width: medium">&nbsp;</td>
      <td width="53%" bgcolor="#FFFFFF" align="center" style="border-style: none; border-width: medium">&nbsp;</td>
      <td width="77%" align="center" bgcolor="#FFFFFF" style="border-left-style: none; border-left-width: medium">&nbsp;</td>
    </tr>
    <tr>
      <td width="39%" align="right" style="border-right-style: none; border-right-width: medium" bgcolor="#C0C0C0">
      <b>business phone number:</b></td>
      <td width="53%" align="center" style="border-style: none; border-width: medium" bgcolor="#C0C0C0">
      <input type = "text" name = "bus_phone" size = "33"></td>
      <td width="77%" align="center" style="border-left-style: none; border-left-width: medium" bgcolor="#C0C0C0"><font color="#FF0000">*</font></td>
    </tr>
    <tr>
      <td width="169%" align="right" colspan="3" bgcolor="#FF0000">
      <p align="left">&nbsp;</td>
    </tr>
  </table>
  <br>
  <input type = "submit" name = "submitted" value = "Submit Registration" onClick = "return checkWholeForm()">&nbsp;<input type = "reset" value = "Clear">
  </form>
  <font color = "FF0000">* Denotes a Required Field
  </center>
</div>

</body>

</html>

Code for survey.php *******************************************************************************

<?
      include('../script/connect2invitedb.php');
    include('../script/startsession.php');

         $insert = 'UPDATE random SET used`=\'Y\' WHERE random_number = '.$_GET['password'].'';
    $inserted = mysql_query($inserted) or die(mysql_error());
?>

The page can be viewed at http://jayce.kicks-ass.org ... password is 81012
0
Comment
Question by:llcooljayce
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
TheClickMaster earned 300 total points
ID: 10865213
The problem is. When you use header('Location: /loggedin/register.php?password='.$_POST['password']);
the variable is not $_POST but $_GET.  I would suggest the use of session variables you seem to "start" session but never use them.

In login.php Instead of

header('Location: /loggedin/register.php?password='.$_POST['password']);
(this is really not safe BTW passing the password through GET)

use

session_register(passwd);
$_SESSION['passwd'] = $_POST['password'];
header('Location: /loggedin/register.php');

In register.php  change

 <input type = "hidden" name = "hpassword" value = "<?=$_POST['password']?>">

To

 <input type = "hidden" name = "hpassword" value = "<? $_SESSION['passwd'] ?>">

And change

header('Location: /loggedin/survey.php?password='.$_POST['password']);

To

header('Location: /loggedin/survey.php');


In survey.php instead of $_GET['password'] use $_SESSION['passwd']
0
 
LVL 4

Author Comment

by:llcooljayce
ID: 10865374
Perfect answer ClickMaster!  Thanks!
0
 
LVL 5

Expert Comment

by:TheClickMaster
ID: 10865491
Glad I could help you! =)
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysqli_connect error on wamp but not on remote server 8 37
Wordpress Security 29 48
PHP breaks when used in Wordpress template file 3 30
$_SERVER Variable question 31 26
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question