what do i need to search for?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

what do i need to search for?

Post by thurstan »

hi

what i need to do is pass two hidden values through a form, check these values are what they should be, and if so pass the user through to another page, if not, redirect them to a different page.

i'm having some trouble expressing this in search terms for this forum / google - i've been searching under "validation" and "validate hidden field" but with no luck.

i'd like to know if there are any php keywords here that would help me find what i want.

thank you.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

It's just standard PHP form validation. The fact that the values are in <input type="hidden"> makes no difference there?

Perhaps we can help with yoyr specific situation if you explain further? :)
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

ah, thanks.

ok so there is a 2 step process to purchasing an item, 1st page being 'create' (where specifics are decided) and the 2nd page 'confirm'.

on the form i need to submit 2 hidden values (fixed password fixed user number) to the 2nd page, that needs to validate the password. If the submitted password does not match the hidden password value then it should redirect to a another page, if the password is ok then continue to 'confirm'.

now, i guess an if statement marrying the two together would do it, like 'if password is this then proceed, if not then redirect', but i'm having trouble arriving at the correct syntax.

thanks
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

A simple comparison should do it yes..

Code: Select all

//Receive post data, including hidden values

if ($_POST['hidden_password_value'] == $_POST['typed_password'])
{
    //All looks good to confirm
}
else
{
    //Go somewhere else
}
Perhaps I've misunderstood? :)
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

nope you haven't misunderstood, i'm just not very good with php.

thanks for your help, i'll try to get this to work.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Post back if you can't figure it out, along with the code you have so far. Should get you on track :)
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

thankyou.
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

ok so i got the hidden values passing through OK, and now i've come onto the redirect it's causing a few problems, with the common send headers issues i've been reading about here

the redirect works fine when the form passes through the wrong value in "passwordcode", but when the correct value is passed through, it displays the correct page, but with the header errors.

here's the code for the form page that passes through the hidden values:

Code: Select all

<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
here's the formaction page, mainpage.php

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"];
if ($passwordcode== "123")
{
?>
<html>
<body>
<div id="content">
*all page content*
</div>

<?php
} else {
header("Location: http://www.otherpage.co.uk");
} 
?>

</body>
</html>
now i get the header errors, but i can't see how to include the php if statement all at the top of the page, i tried this, all at the top of the page:

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"];
if ($passwordcode== "123") {
        header("Location: $PHP_SELF");
    } else {
        header("Location: http://www.otherpage.co.uk");
    }
?>
with this, whether passwordcode coming from the form was correct or incorrect, it would always redirect to http://www.otherpage.co.uk.

if anyone has any hints i would be very happy. thanks.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

You're submitting the form using method="get", yet you are reading the data from $_POST.

Either use method="post" or change all the $_POST variables to be $_GET ;)
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

d11wtq wrote:or change all the $_POST variables to be $_GET ;)
don't :wink: don't change to $_GET. use $_POST...
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

oops, changed to POST but same header problem persists :(
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

See if changing this:

Code: Select all

<?php
} else {
header("Location: http://www.otherpage.co.uk");
}
?>
To :

Code: Select all

<?php
} else {
header("Location: http://www.otherpage.co.uk");
exit();
}
?>
Helps :)
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

try putting at the very top of each page

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"]; 
if ($passwordcode != "123") {
header("Location: http://www.otherpage.co.uk");
}
// code here for if it is 123
?>
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

thurstan wrote:

Code: Select all

<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
I don't know why nobody has pointed this out, but this is totally unsafe. Almost anybody can figure out the password. All they have to do is check the source-code. You should save your passwords on the server, and not let them ever get to your users.
thurstan
Forum Commoner
Posts: 28
Joined: Mon Feb 28, 2005 7:40 am

Post by thurstan »

thanks for the all the responses people, it's been very helpful.

mickd - this sorted out the problem - thanks a lot, works fine now :D

foobar - thanks for pointing this out, it's more of an identifier than a password, so it doesn't matter if somebody can see it (perhaps using the word password could have a bit misleading).
Post Reply