how to best request variables...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

how to best request variables...

Post by Illusionist »

I'm not sure if the subject was right for this or not... but, what I have is a simple password field, and it submits to itself, and at the top of the page i have it check if the $password == "whatever" but when the first time the page is loaded i get the stupid undefined index: password error thingy on top, then everything else works... well... this is what i'm doinge:

Code: Select all

if ($_REQUEST["password"] == "TheRightPass"){
is there a better way i should do this?
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Well if you are going to have a multiple user login system you might want to consider using a database to compare passwords. Right now, are you using GET (passing the variables via the URL) or POST (passing the data invisibly) in your form? Using the correct method for the $_REQUEST["password"] is usually preferred. So if you are using GET use: $_GET["password"] and for POST use: $_POST["password"]. This might be the problem.

Code: Select all

<?php
if ($_POST["password"] == "TheRightPass")
{
// do stuff
}
?>
<form method="post" action="<?php echo $PHP_SELF; ?>">
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

I'm not doing anything with users... I just have a page that is passworded....

And i was using post, so i changed it first to $_POST and it still didn't work.... so i also changed the action part to what u had, and it still was giving my that error....

Other than that first warning at the top, everything else works... like i can still log in and everything.... and when i enter an incorrect password, that error goes away... because the $password is set ... i was thinking maybe i could first use an if isset, but then i would have to go through more throuble than its worth.... maybe, maybe not, lemme try it real quick...
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

I got it to work with if (isset...... but the only thing i didn't like about doing it that way was that i had to put the <form> part in twice...

once in the else to check if the password was right, and again if the variable wasn't set!

Anyone know of a better way of doing this?
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

$_POST is often regarded as a better method than $_GET as the user cannot see what is getting sent as it is not passed visibly the the address
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

I know how to pass using get and post. The problem i was having was getting an error because i was trying to compare a variable that did have anything stored in it.... But i got it fixed now - i just turned off error notices.... But for some reason i couldn't get it to work by turning it off in the php.ini file, so i had to do it within my script... But allt he same it works now! Thanks
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

i'd do this

Code: Select all

<?php
if(!isset($_POST['password']))
{
echo <<< EOT
<form method="post" action="{echo $PHP_SELF;}"> 
<input type=password name=password>
<input type=submit name=submit value=submit>
</form>
EOT;
exit;
}
elseif($_POST['password'] == "blah blah blah")
{
//what you want password to be password protected
exit;
}
else
{
echo "incorrect password";
}
?>
well thats how i'd do it......bets of luck mate!
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Illusionist wrote:But i got it fixed now - i just turned off error notices....
8O 8O 8O

Fix your script - do not turn down error reporting while you are developing.

Undefined vars can be a big security risk - particularly when you are using $_REQUEST key values as passwords. As mentioned, always use GET or POST,

Try this to help debug form processor scripts:

echo '<pre>';
print_r($_POST);
echo '</pre>';

If a POST key isn't set make sure it is actually in the form.
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

I am using post and $_POST... but the only thing is that i have it check the password at the top of the page and when i first load the page, there is nothing in that variable so thats why i'm getting that notice....
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

like this si a sample page of what i'm doing:

Code: Select all

<?php

if ($_POST['txtPassword'] != "somepassword") {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    
    <p><label for="txtpassword">Password:</label>
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p>

    <p><input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else {

?>

<p>This is the protected page. Your private content goes here.</p>

<?php

}

?>
Post Reply