Hi there, I would like to ask a question about how to pass a variable from page to page. For example, I have my first page for login and used a session with cookie and after submitting successfully and redirect my page to another page I want show statement like Hello Smith or Welcome Smith, and it doesn't work properly. Anyone knows the soulution would be appreciated. Thanks -
<?php
-
if (loggedin())
-
{
-
header("Location: redirectpage.php");
-
exit();
-
}
-
if ($_POST["login"])
-
{
-
global $username;
-
$username = $_POST['username'];
-
$password = $_POST['password'];
-
$rememberme = $_POST['rememberme'];
-
-
-
if($username&&$password)
-
{
-
-
$login = mysql_query("SELECT * FROM usersystem where username='$username'");
-
while ($row = mysql_fetch_assoc($login))
-
{
-
$db_password = $row['password'];
-
if($password==$db_password)
-
-
else
-
setcookie("username", $username, time()+7200);
-
else if ($rememberme=="")
-
$_SESSION['logged_in']== $username;
-
$_SESSION['username'] =$_POST['username'];
-
-
//userarea.php
-
header("Location: redirectpage.php");
-
exit();
-
-
}
-
-
}
-
-
}
-
else
-
die("Please enter a username and password");
-
-
}
-
?>
-
This is the code for the second page that I want the name of the user to show up. - <?php
-
session_start();
-
-
$username = $_SESSION['username'];
-
-
echo $_SESSION['username'];
-
-
-
-
echo "Hello ". $username ;
-
?>
So what's wrong with my code. Thanks again
20 3376 Atli 5,058
Recognized Expert Expert
Hey.
There is a syntax error there on line 24. The if, else and else if statements don't match up.
It is generally best to always use brackets with if statements, even if they only execute on line of code. It helps to avoid problems like these. - // Avoid this:
-
if(true == true)
-
echo "It is true!";
-
echo "A completely unrelated line...";
-
-
// Rather do this:
-
if(true == true) {
-
echo "It is true!";
-
}
-
echo "A completely unrelated line...";
There are a couple of extra charachters required, but it makes it a whole lot clearer to read, especially if your indentations are sloppy.
Actually the I wrote the code and I knew that it's wrong because I picked up just for example of how to pass session variable to another page and I was asking about this. Anyway thanks a lot of passing my thread.
you can try this - redirectpage.php?user_name=johny&user_age=100
then in redirectpage.ph p usign $_GET you can have the data. i.e - $name=$_GET[user_name];
-
$age=$_GET[user_age];
Regards
johny
Thanks for reply I'm really thankful to u
by the way, actually the first code that I submitted in the first topic that will be in the login screen and I can't pass the login and password in the tool bar of the browser so I'm using POST instead of get because it's much secure. I tried your code but I used POST but couldn't get the username.
So what should I do?
I dont know what is your plan.
But if you try session it may help. After user log in you can save the user_name and Password using session. your php page will be able to use these session anytime if session is valide. Cookie is a solution but a very easy solution to destroy the security.
Regards,
Johny
Atli 5,058
Recognized Expert Expert
OK, to answer the original question: there are a couple of methods you can use to pass things between pages. - Sessions
These are the most secure of the methods, because the actual data is stored on the server, while only a session identifier is passed to the browser (usually as a cookie). Any page on the domain can then activate the session and use the data, given that the cookie is not destroyed. This is highly recommended for storing sensitive data, such as user login information. - Cookies
Less secure and reliable than sessions, but more long-term. Whereas a session is destroyed every time the browser is closed (by default), a cookie can remain indefinitely. It is usually best not to use these to store sensitive info, only info that would not be a security threat if it fell into the wrong hands. - GET parameters
Adding variables to the URL can serve as a (very) short-term method of passing data between pages. This is usually reserved for things like passing paging information via navigation links. In general, if the same piece of data needs to be passed to more than a couple of pages, a session or a cookie is a better choice.
There are a few more possible methods, but they are generally so situational and questionable that they are hardly worth mentioning.
For the purposes of storing user login data, a session would be ideal. Putting the user name and ID into the session is pretty standard.
This is a pretty generic example of how that would be done. - <?php
-
// Make sure the login info was passed
-
if(isset($_POST['name'], $_POST['password']))
-
{
-
// Fetch the user name from POST.
-
// Note the use of the mysql_real_escape_string function.
-
// It should ALWAYS be used on data that is to be
-
// inserted into a SQL query.
-
$name = mysql_real_escape_string($_POST['name']);
-
-
// Fetch the password. Note that I hash() the password.
-
// This ensures the password is secure, even if
-
// the database itself is comprimized. You should
-
// ALWAYS hash passwords, and never store them as
-
// plain text. The above rule about the escape_string
-
// function does not apply here, as a hash is always
-
// safe to put into a SQL query.
-
$pwd_hash = hash('sha1', $_POST['password']);
-
-
// Verify that the login info is valid.
-
// It is better to fetch the user info based on
-
// the username and the password, rather than to pass
-
// it only the username and verify the password with
-
// PHP. This way, if the login is invalid, the real
-
// password never enters your PHP code, making it more
-
// secure.
-
$sql = "SELECT `id` FROM `user`
-
WHERE (`name` = '{$name}')
-
AND (`password` = '{$pwd_hash}')";
-
-
$result = mysql_query($sql) or trigger_error(mysql_error(), E_ERROR);
-
-
// If a single row was returned, the user info is
-
// valid. If more than a single row was returned,
-
// odds are that something went rong, or that your
-
// code has somehow been comprimized. This is why
-
// you should validate ONLY if a single row is returned.
-
if(mysql_num_rows($sql) == 1)
-
{
-
$row = mysql_fetch_assoc($sql);
-
-
// Here we start the session and enter the
-
// user info into it. Note that session values
-
// can be arrays themselves, so that you can group
-
// similar elements together, like I do here.
-
session_start();
-
$_SESSION['user']['id'] = $row['id'];
-
$_SESSION['user']['name'] = $name;
-
}
-
else
-
{
-
echo "Login failed. Please try again!";
-
}
-
}
-
else
-
{
-
echo "Username and/or password were not passed.";
-
}
-
-
?>
You can then verify a user as logged in on other pages by doing something like: - <?php
-
session_start();
-
-
// Check if the user session element exists.
-
// If it does, we can assume the client has
-
// already logged in. If not, we can not.
-
if(!isset($_SESSION['user']))
-
{
-
// Redirect back to the user login page.
-
header('Location: login.php');
-
exit;
-
}
-
-
// Display the rest of the user-secure content.
-
echo "Welcome, {$_SESSION['user']['name']}!";
-
?>
@johny10151981
You should NEVER store the password anywhere, especially in it's plain-text form. If you absolutely can not avoid it, you should at least hash it before doing so. Passwords are one of the more sensitive pieces of info your application will ever handle and they should be used as little as possible.
I mean, consider if a malicious user managed to inject a PHP script to your server. It would be fairly easy for him to hijack sessions and view all the session data, including the password. Limiting this to usernames and IDs makes this sort of breach a lot less damaging.
kovik 1,044
Recognized Expert Top Contributor
I disagree. The password should be stored in its hashed form. What if two users are logged into the same account at once? What if the valid user knew that someone knows his password and he needs to change it before the other user harms his account? He would then change his password. If the password was re-authenticated on every page request (as I believe it should be), then the false user would be essentially logged out.
Atli 5,058
Recognized Expert Expert
That's an extremely rare scenario, to be honest, and preventing it hardly takes priority over the security of all passwords being used. Even in it's hashed form, in the hands of a malicious user a password would be a major security concern.
But if this scenario is of great concern to you, a far more sensible method - surely - would be to add a "modified" timestamp to the user account that would be updated with the password. The value of that timestamp at the time when a user is logged in would then be stored with the session and checked on every reload.
There is rarely a situation where you need to store the password anywhere - outside normal login and account maintenance - and you really should avoid it wherever possible, for obvious security reasons. That is what I would generally recommend, in any case.
Hi Atli,
You have comment out one of my line. Actually I am explaining it. I did tell to store data using SESSION but I didnt mean to store in storage device like hard disk. If I am not wrong session data get stored in the server and in the RAM. My understanding says Session stores run time data.
I also strongly disagree password in server's storage device.
Regards,
Johny
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Paul |
last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION = "";
$_SESSION = "";
echo "<form method='POST' action='login.php'>
|
by: Jason Us |
last post by:
Does anyone have experience with passing variables from an ASP page to
a JSP page.
The way it currently works in passing the SSN in the URL. This cannot
be good.
I thought that storing a unique session ID in a cookie and referencing
the SSN from the Session ID would be the correct way to do this. But
since we have two separate servers, IIS and Websphere, how do we
coordinate the session ID?
|
by: jr |
last post by:
Sorry for this very dumb question, but I've clearly got a long way to go!
Can someone please help me pass an array into a function. Here's a starting
point.
void TheMainFunc()
{
// Body of code...
TCHAR myArray;
DoStuff(myArray);
|
by: opt_inf_env |
last post by:
Hello,
I know three ways to pass variables form one page to another. The first
one is to declare and set session variable. In this case if one goes to
another page (by clicking on hyperlink or pressing a button) value of a
session variable will be automatically seen on the new page. The second
way is to set hidden variables in the form and go to new page by
execution of this form (press a button or enter), and the last way,
which I...
|
by: Geoff Cox |
last post by:
Hello,
I have written before that I can pass a variable from page 1 to page 2
if I call the variable "name".
Stephen Chalmers has written,
>'name' is effectively a reserved word as the variable window.name is
>created automatically, but is not read-only.
>Use more imaginative names for variables.
| |
by: Mike P |
last post by:
When you are passing a value to another page, and will need access to it
throughout the page and on any postbacks, what is the best way to store
it? By making it a variable accessible to the whole page, or by putting
it in the ViewState?
Thanks,
Mike
|
by: James Robertson |
last post by:
I am new to the ASP and VB thing so be kind. Question I have is that
I have created an ASPX web site to use as an E-Mail page. But I want
to use this for a lot of users. Can I create the link on the WEB site
to mail to passing a variable from the WEB site to the ASPX web site
to E-Mail to? Hope I explained this correctly.
This is a response from another group.
There was no way for you to know it, but this is a classic asp newsgroup....
|
by: DaTurk |
last post by:
If I call this method, and pass it a byte by ref, and initialize
another byte array, set the original equal to it, and then null the
reference, why is the original byte array not null as well? I thought
passing by reference, your passing the address in memory.
public bool DoSomething(ref byte data)
{
byte retVal = null;
try
|
by: rfr |
last post by:
I have a need to use a single version of a Visitor Response Feedback Form on
numerous
HTML documents. Rather than have numerous versions of this, one on each HTML
document, it makes more sense to have ONE FORM and use it from each HTML
document that needs it.
But, the visitor should see a title on the form that relates to the specific
page about which they are giving the feedback. And the results of the form
must include what page was...
|
by: aelred |
last post by:
I have a web page where a member can open up a chat window (child window) with another member.
- From there the member can also navigate to other web pages.
- From other pages in the site, they may also open up new chat windows with other members (just not the same one).
- Each chat page is opened with the member name as the window name.
- When I log off from the web page, I would like all the chat windows to automatically close.
I...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |