473,840 Members | 1,662 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

passing a variable from page to another page

25 New Member
Hi there, I would like to ask a question about how to pass a variable from page to page. For example, I have my first page for login and used a session with cookie and after submitting successfully and redirect my page to another page I want show statement like Hello Smith or Welcome Smith, and it doesn't work properly. Anyone knows the soulution would be appreciated. Thanks

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. if (loggedin())
  3.     {
  4.     header("Location: redirectpage.php");
  5.     exit();
  6.     }
  7. if ($_POST["login"])
  8. {
  9.     global $username;
  10.     $username = $_POST['username'];
  11.     $password = $_POST['password'];
  12.     $rememberme = $_POST['rememberme'];
  15.     if($username&&$password)
  16.     {
  18.     $login = mysql_query("SELECT * FROM usersystem where username='$username'");
  19.     while ($row = mysql_fetch_assoc($login))
  20.     {
  21.         $db_password = $row['password'];
  22.         if($password==$db_password)
  24.     else
  25.         setcookie("username", $username, time()+7200);
  26.         else if ($rememberme=="")
  27.         $_SESSION['logged_in']== $username;
  28.         $_SESSION['username'] =$_POST['username'];
  30. //userarea.php
  31.         header("Location: redirectpage.php");
  32.         exit();
  34.         }
  36.     }
  38.     }
  39.     else
  40.     die("Please enter a username and password");
  42. }
  43. ?>
This is the code for the second page that I want the name of the user to show up.

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. session_start();
  4. $username = $_SESSION['username'];
  6. echo $_SESSION['username'];
  10. echo "Hello ". $username ;
  11. ?>
So what's wrong with my code. Thanks again
Jan 21 '10
20 3408
1,044 Recognized Expert Top Contributor
... Session data is stored on the HDD. Computers don't really "store" anything on the RAM. The contents of the RAM have the potential to be ever changing.

And in regards to the password, what if someone gained access to the session data? I think the risk of them simply guessing a user ID and gaining access to that account is less secure than them having to know the user name and the hashed password from the database.
Jan 24 '10 #11
5,058 Recognized Expert Expert
You have comment out one of my line. Actually I am explaining it. I did tell to store data using SESSION but I didnt mean to store in storage device like hard disk. If I am not wrong session data get stored in the server and in the RAM. My understanding says Session stores run time data.
Session data is stored on the server's HDD by default. It can be configure to store it in shared memory (RAM), or even using a custom save handler, but that is usually not the case.

Anyways, it doesn't matter. If the server is secure, either method works fine. Your PHP application will never know the difference. - Your server's performance may vary, but that's irrelevant to our discussion.

And in regards to the password, what if someone gained access to the session data? I think the risk of them simply guessing a user ID and gaining access to that account is less secure than them having to know the user name and the hashed password from the database.
I don't follow. How would guessing a user ID allow them access to an account?
(I'm getting close to 28 hours without sleep, so forgive me if I am missing something obvious xD)
Jan 24 '10 #12
1,044 Recognized Expert Top Contributor
In the event that they have access to the session data. It is more likely that this would be a trusted user that you had given your server password, but this user could potentially log in to any account that they wanted without needing to know their password. They would simply alter the user ID in their session data.
Jan 24 '10 #13
5,058 Recognized Expert Expert
If we are indeed talking about a trusted user, I would assume that trust covered not logging into other user's accounts. And if it were not a trusted user, and he manage to get your server passwords or hack into the server, the risk of him access random user accounts should be the least of your worries.

In any case, having the password in the session wouldn't really prevent this either. Any open session, or one that has not yet been cleaned up, would also be vulnerable. He would just have to copy the session as-is.

And if you implemented the "modified" timestamp, as I suggested before, guessing the ID of a user would not work. He would have to guess that exact timestamp as well. (Although this would of course not protect users with open/garbage sessions, no more than with the passwords.)
Jan 24 '10 #14
1,044 Recognized Expert Top Contributor
Security is such a nitpicky subject, ain't it? :P
Jan 24 '10 #15
6,050 Recognized Expert Expert
Rightly so.

And, while we're picking nits, johny10151981, array indexes should have quotes around them (unless they are indeed declared constants). Otherwise the PHP engine wastes time determining its stored data.

Expand|Select|Wrap|Line Numbers
  1. // Bad:
  2. echo $some_array[the_array_index];
  4. // Fine:
  5. echo $some_array['the_array_index'];
  7. // Also fine:
  8. define('the_array_index', 'some_index');
  9. echo $some_array[some_index];
Jan 24 '10 #16
1,044 Recognized Expert Top Contributor
define($name, $value)

I think you switched the name and value, Markus.
Jan 24 '10 #17
6,050 Recognized Expert Expert
My bad. You thunk correct :)

P.S Good to see you posting again.
Jan 24 '10 #18
1,044 Recognized Expert Top Contributor
Been busy gettin' paid. ;)
College starts back up today. I post here on my in-between time in school. That means I'm back. lol :3
Jan 25 '10 #19
25 New Member
Thanks a lot guys for this posts, I really appreciate your comments and your answer. It's working now fine.

I have a question related to Session. I made a login screen and all pages except than the login page should be secure so no one can access to any page unless access from the main login page so I did this coding but even if someone did a log off I still can access any page unless I remove the cookies from the folder. In my login screen I have option of "Remember Me" but I didn't check it and I still can open the pages that I already browsed.

This code I putted in my important pages
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include 'functions.php';
  3. session_start();
  4. if($_SESSION["a"]!=1)
  5. {
  6. header("location:index.php");    
  8. }

And this is my login screen. You can read my comments inside the code I putted two slashes.
Expand|Select|Wrap|Line Numbers
  1. <?php
  2. include 'functions.php';
  5. if ($_POST["login"])
  6. {
  7.     global $username;
  8.     $username = $_POST['username'];
  9.     $password = $_POST['password'];
  10.     $rememberme = $_POST['rememberme'];
  13.     if($username&&$password)
  14.     {
  16.     $login = mysql_query("SELECT * FROM usersystem WHERE username='$username'");
  17.     while ($row = mysql_fetch_assoc($login))
  18.     {
  19.         $db_password =  $row['userpass'];
  20.         if(md5($password)==$db_password)
  21.         $loginok = TRUE;
  22.     else
  23.         $loginok = FALSE;
  25.         if ($loginok==TRUE)
  26.         {
  27.             $_SESSION["a"] = 1; // This line responsible for not allow anybody to access another page unless entered the user name and password correct. But I still access another pages even if I don't check the Remember Me check. What's the soulution?.
  28.             if ($rememberme=="on")
  29.             setcookie("username", $username, time()+7200);
  30.         else if ($rememberme=="")
  31.         $_SESSION['username']== $username;
  32.         $_SESSION['username'] =$_POST['username'];
  34.         header("Location: redirectpage.php");
  35.         exit();
  37.         }
  39.     }
  42.     }
  43.     else
  44.     die("Please enter a username and password");
  45. }
  47. ?>
Jan 26 '10 #20

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Paul | last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and session.use_trans_sid = 1 in my php.ini file. Index.php contains: ---------------------------------------------------------------------------- <?php ini_set("session.use_cookies", "off"); ini_set("session.use_trans_sid", "on"); session_start(); $_SESSION = ""; $_SESSION = ""; echo "<form method='POST' action='login.php'>
by: Jason Us | last post by:
Does anyone have experience with passing variables from an ASP page to a JSP page. The way it currently works in passing the SSN in the URL. This cannot be good. I thought that storing a unique session ID in a cookie and referencing the SSN from the Session ID would be the correct way to do this. But since we have two separate servers, IIS and Websphere, how do we coordinate the session ID?
by: jr | last post by:
Sorry for this very dumb question, but I've clearly got a long way to go! Can someone please help me pass an array into a function. Here's a starting point. void TheMainFunc() { // Body of code... TCHAR myArray; DoStuff(myArray);
by: opt_inf_env | last post by:
Hello, I know three ways to pass variables form one page to another. The first one is to declare and set session variable. In this case if one goes to another page (by clicking on hyperlink or pressing a button) value of a session variable will be automatically seen on the new page. The second way is to set hidden variables in the form and go to new page by execution of this form (press a button or enter), and the last way, which I...
by: Geoff Cox | last post by:
Hello, I have written before that I can pass a variable from page 1 to page 2 if I call the variable "name". Stephen Chalmers has written, >'name' is effectively a reserved word as the variable window.name is >created automatically, but is not read-only. >Use more imaginative names for variables.
by: Mike P | last post by:
When you are passing a value to another page, and will need access to it throughout the page and on any postbacks, what is the best way to store it? By making it a variable accessible to the whole page, or by putting it in the ViewState? Thanks, Mike
by: James Robertson | last post by:
I am new to the ASP and VB thing so be kind. Question I have is that I have created an ASPX web site to use as an E-Mail page. But I want to use this for a lot of users. Can I create the link on the WEB site to mail to passing a variable from the WEB site to the ASPX web site to E-Mail to? Hope I explained this correctly. This is a response from another group. There was no way for you to know it, but this is a classic asp newsgroup....
by: DaTurk | last post by:
If I call this method, and pass it a byte by ref, and initialize another byte array, set the original equal to it, and then null the reference, why is the original byte array not null as well? I thought passing by reference, your passing the address in memory. public bool DoSomething(ref byte data) { byte retVal = null; try
by: rfr | last post by:
I have a need to use a single version of a Visitor Response Feedback Form on numerous HTML documents. Rather than have numerous versions of this, one on each HTML document, it makes more sense to have ONE FORM and use it from each HTML document that needs it. But, the visitor should see a title on the form that relates to the specific page about which they are giving the feedback. And the results of the form must include what page was...
by: aelred | last post by:
I have a web page where a member can open up a chat window (child window) with another member. - From there the member can also navigate to other web pages. - From other pages in the site, they may also open up new chat windows with other members (just not the same one). - Each chat page is opened with the member name as the window name. - When I log off from the web page, I would like all the chat windows to automatically close. I...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.