Page 1 of 1

what do i need to search for?

Posted: Fri Oct 28, 2005 10:23 am
by thurstan
hi

what i need to do is pass two hidden values through a form, check these values are what they should be, and if so pass the user through to another page, if not, redirect them to a different page.

i'm having some trouble expressing this in search terms for this forum / google - i've been searching under "validation" and "validate hidden field" but with no luck.

i'd like to know if there are any php keywords here that would help me find what i want.

thank you.

Posted: Fri Oct 28, 2005 10:26 am
by Chris Corbyn
It's just standard PHP form validation. The fact that the values are in <input type="hidden"> makes no difference there?

Perhaps we can help with yoyr specific situation if you explain further? :)

Posted: Fri Oct 28, 2005 10:35 am
by thurstan
ah, thanks.

ok so there is a 2 step process to purchasing an item, 1st page being 'create' (where specifics are decided) and the 2nd page 'confirm'.

on the form i need to submit 2 hidden values (fixed password fixed user number) to the 2nd page, that needs to validate the password. If the submitted password does not match the hidden password value then it should redirect to a another page, if the password is ok then continue to 'confirm'.

now, i guess an if statement marrying the two together would do it, like 'if password is this then proceed, if not then redirect', but i'm having trouble arriving at the correct syntax.

thanks

Posted: Fri Oct 28, 2005 10:41 am
by Chris Corbyn
A simple comparison should do it yes..

Code: Select all

//Receive post data, including hidden values

if ($_POST['hidden_password_value'] == $_POST['typed_password'])
{
    //All looks good to confirm
}
else
{
    //Go somewhere else
}
Perhaps I've misunderstood? :)

Posted: Fri Oct 28, 2005 10:47 am
by thurstan
nope you haven't misunderstood, i'm just not very good with php.

thanks for your help, i'll try to get this to work.

Posted: Fri Oct 28, 2005 11:11 am
by Chris Corbyn
Post back if you can't figure it out, along with the code you have so far. Should get you on track :)

Posted: Fri Oct 28, 2005 11:21 am
by thurstan
thankyou.

Posted: Mon Oct 31, 2005 5:14 am
by thurstan
ok so i got the hidden values passing through OK, and now i've come onto the redirect it's causing a few problems, with the common send headers issues i've been reading about here

the redirect works fine when the form passes through the wrong value in "passwordcode", but when the correct value is passed through, it displays the correct page, but with the header errors.

here's the code for the form page that passes through the hidden values:

Code: Select all

<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
here's the formaction page, mainpage.php

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"];
if ($passwordcode== "123")
{
?>
<html>
<body>
<div id="content">
*all page content*
</div>

<?php
} else {
header("Location: http://www.otherpage.co.uk");
} 
?>

</body>
</html>
now i get the header errors, but i can't see how to include the php if statement all at the top of the page, i tried this, all at the top of the page:

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"];
if ($passwordcode== "123") {
        header("Location: $PHP_SELF");
    } else {
        header("Location: http://www.otherpage.co.uk");
    }
?>
with this, whether passwordcode coming from the form was correct or incorrect, it would always redirect to http://www.otherpage.co.uk.

if anyone has any hints i would be very happy. thanks.

Posted: Mon Oct 31, 2005 5:54 am
by Chris Corbyn
You're submitting the form using method="get", yet you are reading the data from $_POST.

Either use method="post" or change all the $_POST variables to be $_GET ;)

Posted: Mon Oct 31, 2005 6:31 am
by n00b Saibot
d11wtq wrote:or change all the $_POST variables to be $_GET ;)
don't :wink: don't change to $_GET. use $_POST...

Posted: Mon Oct 31, 2005 6:48 am
by thurstan
oops, changed to POST but same header problem persists :(

Posted: Mon Oct 31, 2005 6:56 am
by Jenk
See if changing this:

Code: Select all

<?php
} else {
header("Location: http://www.otherpage.co.uk");
}
?>
To :

Code: Select all

<?php
} else {
header("Location: http://www.otherpage.co.uk");
exit();
}
?>
Helps :)

Posted: Mon Oct 31, 2005 6:57 am
by mickd
try putting at the very top of each page

Code: Select all

<?php
$passwordcode=  $_POST["passwordcode"]; 
if ($passwordcode != "123") {
header("Location: http://www.otherpage.co.uk");
}
// code here for if it is 123
?>

Posted: Mon Oct 31, 2005 10:00 am
by foobar
thurstan wrote:

Code: Select all

<form action="http://www.mainpage.php" method="get" name="FormName">
<input type="hidden" name="passwordcode" value="123">
<input type="submit" name="Continue" value="Continue"></p>
</form>
I don't know why nobody has pointed this out, but this is totally unsafe. Almost anybody can figure out the password. All they have to do is check the source-code. You should save your passwords on the server, and not let them ever get to your users.

Posted: Mon Oct 31, 2005 10:16 am
by thurstan
thanks for the all the responses people, it's been very helpful.

mickd - this sorted out the problem - thanks a lot, works fine now :D

foobar - thanks for pointing this out, it's more of an identifier than a password, so it doesn't matter if somebody can see it (perhaps using the word password could have a bit misleading).