Page 1 of 1

how to best request variables...

Posted: Wed Jan 21, 2004 8:27 pm
by Illusionist
I'm not sure if the subject was right for this or not... but, what I have is a simple password field, and it submits to itself, and at the top of the page i have it check if the $password == "whatever" but when the first time the page is loaded i get the stupid undefined index: password error thingy on top, then everything else works... well... this is what i'm doinge:

Code: Select all

if ($_REQUEST["password"] == "TheRightPass"){
is there a better way i should do this?

Posted: Wed Jan 21, 2004 8:51 pm
by DuFF
Well if you are going to have a multiple user login system you might want to consider using a database to compare passwords. Right now, are you using GET (passing the variables via the URL) or POST (passing the data invisibly) in your form? Using the correct method for the $_REQUEST["password"] is usually preferred. So if you are using GET use: $_GET["password"] and for POST use: $_POST["password"]. This might be the problem.

Code: Select all

<?php
if ($_POST["password"] == "TheRightPass")
{
// do stuff
}
?>
<form method="post" action="<?php echo $PHP_SELF; ?>">

Posted: Wed Jan 21, 2004 9:14 pm
by Illusionist
I'm not doing anything with users... I just have a page that is passworded....

And i was using post, so i changed it first to $_POST and it still didn't work.... so i also changed the action part to what u had, and it still was giving my that error....

Other than that first warning at the top, everything else works... like i can still log in and everything.... and when i enter an incorrect password, that error goes away... because the $password is set ... i was thinking maybe i could first use an if isset, but then i would have to go through more throuble than its worth.... maybe, maybe not, lemme try it real quick...

Posted: Wed Jan 21, 2004 9:23 pm
by Illusionist
I got it to work with if (isset...... but the only thing i didn't like about doing it that way was that i had to put the <form> part in twice...

once in the else to check if the password was right, and again if the variable wasn't set!

Anyone know of a better way of doing this?

Posted: Thu Jan 22, 2004 6:01 am
by malcolmboston
$_POST is often regarded as a better method than $_GET as the user cannot see what is getting sent as it is not passed visibly the the address

Posted: Thu Jan 22, 2004 12:04 pm
by Illusionist
I know how to pass using get and post. The problem i was having was getting an error because i was trying to compare a variable that did have anything stored in it.... But i got it fixed now - i just turned off error notices.... But for some reason i couldn't get it to work by turning it off in the php.ini file, so i had to do it within my script... But allt he same it works now! Thanks

Posted: Thu Jan 22, 2004 2:50 pm
by dull1554
i'd do this

Code: Select all

<?php
if(!isset($_POST['password']))
{
echo <<< EOT
<form method="post" action="{echo $PHP_SELF;}"> 
<input type=password name=password>
<input type=submit name=submit value=submit>
</form>
EOT;
exit;
}
elseif($_POST['password'] == "blah blah blah")
{
//what you want password to be password protected
exit;
}
else
{
echo "incorrect password";
}
?>
well thats how i'd do it......bets of luck mate!

Posted: Thu Jan 22, 2004 3:32 pm
by McGruff
Illusionist wrote:But i got it fixed now - i just turned off error notices....
8O 8O 8O

Fix your script - do not turn down error reporting while you are developing.

Undefined vars can be a big security risk - particularly when you are using $_REQUEST key values as passwords. As mentioned, always use GET or POST,

Try this to help debug form processor scripts:

echo '<pre>';
print_r($_POST);
echo '</pre>';

If a POST key isn't set make sure it is actually in the form.

Posted: Thu Jan 22, 2004 5:30 pm
by Illusionist
I am using post and $_POST... but the only thing is that i have it check the password at the top of the page and when i first load the page, there is nothing in that variable so thats why i'm getting that notice....

Posted: Thu Jan 22, 2004 5:49 pm
by Illusionist
like this si a sample page of what i'm doing:

Code: Select all

<?php

if ($_POST['txtPassword'] != "somepassword") {

?>

<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    
    <p><label for="txtpassword">Password:</label>
    <br /><input type="password" title="Enter your password" name="txtPassword" /></p>

    <p><input type="submit" name="Submit" value="Login" /></p>

</form>

<?php

}
else {

?>

<p>This is the protected page. Your private content goes here.</p>

<?php

}

?>