what do i need to search for?
hi
what i need to do is pass two hidden values through a form, check these values are what they should be, and if so pass the user through to another page, if not, redirect them to a different page.
i'm having some trouble expressing this in search terms for this forum / google - i've been searching under "validation" and "validate hidden field" but with no luck.
i'd like to know if there are any php keywords here that would help me find what i want.
thank you.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
ah, thanks.
ok so there is a 2 step process to purchasing an item, 1st page being 'create' (where specifics are decided) and the 2nd page 'confirm'.
on the form i need to submit 2 hidden values (fixed password, fixed user number) to the 2nd page, that needs to validate the password. If the submitted password does not match the hidden password value then it should redirect to another page, if the password is ok then continue to 'confirm'.
now, i guess an if statement marrying the two together would do it, like 'if password is this then proceed, if not then redirect', but i'm having trouble arriving at the correct syntax.
thanks
A simple comparison should do it yes..
Perhaps I've misunderstood? 
Code:
//Receive post data, including hidden values
//Strict comparison, so numeric-looking strings are not compared as numbers
if ($_POST['hidden_password_value'] === $_POST['typed_password'])
{
    //All looks good to confirm
}
else
{
    //Go somewhere else
}
ok so i got the hidden values passing through OK, and now i've come onto the redirect it's causing a few problems, with the common send headers issues i've been reading about here
the redirect works fine when the form passes through the wrong value in "passwordcode", but when the correct value is passed through, it displays the correct page, but with the header errors.
here's the code for the form page that passes through the hidden values:
Code:
<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
here's the formaction page, mainpage.php
Code:
<?php
$passwordcode= $_POST["passwordcode"];
if ($passwordcode== "123")
{
?>
<html>
<body>
<div id="content">
*all page content*
</div>
<?php
} else {
    header("Location: http://www.otherpage.co.uk");
}
?>
</body>
</html>
now i get the header errors, but i can't see how to include the php if statement all at the top of the page, i tried this, all at the top of the page:
Code:
<?php
$passwordcode= $_POST["passwordcode"];
if ($passwordcode== "123") {
    header("Location: $PHP_SELF");
} else {
    header("Location: http://www.otherpage.co.uk");
}
?>
with this, whether passwordcode coming from the form was correct or incorrect, it would always redirect to http://www.otherpage.co.uk.
if anyone has any hints i would be very happy. thanks.
- n00b Saibot
- DevNet Resident
- Posts: 1452
- Joined: Fri Dec 24, 2004 2:59 am
- Location: Lucknow, UP, India
See if changing this:
Code:
<?php
} else {
    header("Location: http://www.otherpage.co.uk");
}
?>
To:
Code:
<?php
} else {
    header("Location: http://www.otherpage.co.uk");
    exit();
}
?>
Helps

try putting at the very top of each page
Code:
<?php
$passwordcode= $_POST["passwordcode"];
// strict comparison, so "123.0" or "1.23e2" do not count as "123"
if ($passwordcode !== "123") {
    header("Location: http://www.otherpage.co.uk");
    exit(); // stop here, otherwise the rest of the page is still generated and sent
}
// code here for if it is 123
?>

thurstan wrote:
Code:
<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
I don't know why nobody has pointed this out, but this is totally unsafe. Almost anybody can figure out the password. All they have to do is check the source-code. You should save your passwords on the server, and not let them ever get to your users.
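The points raised in the replies above (do the check before any output, stop the script after the redirect, keep the expected value on the server) combined into one sketch. This is an added example, not code posted by anyone in the thread; the field name order_token, the FALLBACK_URL target and the single-file layout standing in for the 'create' and 'confirm' pages are assumptions.

```php
<?php
// Added example: one file plays both pages. GET renders 'create', POST is 'confirm'.
const FALLBACK_URL = '/otherpage.php'; // hypothetical redirect target

session_start(); // like header(), must run before any output is sent

function redirect(string $url): void
{
    header('Location: ' . $url, true, 303);
    exit; // without this the rest of the script still runs and its output is sent
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 'confirm' step: compare with the copy kept on the server, not a fixed literal
    $expected  = $_SESSION['order_token'] ?? '';
    $submitted = $_POST['order_token'] ?? '';
    unset($_SESSION['order_token']); // single use

    if (!is_string($submitted) || $expected === '' || !hash_equals($expected, $submitted)) {
        redirect(FALLBACK_URL);
    }
    $page = 'confirm';
} else {
    // 'create' step: fresh random value per visit, remembered in the session
    $_SESSION['order_token'] = bin2hex(random_bytes(16));
    $page = 'create';
}
// Every branch that may send a header has finished; output starts only here.
?>
<html>
<body>
<div id="content">
<?php if ($page === 'create'): ?>
<form action="" method="post">
<input type="hidden" name="order_token" value="<?= htmlspecialchars($_SESSION['order_token'], ENT_QUOTES) ?>">
<input type="submit" name="Continue" value="Continue">
</form>
<?php else: ?>
<p>Confirm your order.</p>
<?php endif; ?>
</div>
</body>
</html>
```

The hidden value is still visible in the page source, but it is random per session and only proves that the request came through the 'create' step; nothing fixed or secret is sent to the browser.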
thanks for all the responses people, it's been very helpful.
mickd - this sorted out the problem - thanks a lot, works fine now
foobar - thanks for pointing this out, it's more of an identifier than a password, so it doesn't matter if somebody can see it (perhaps using the word password could have been a bit misleading).