Page 1 of 1
Passing variable parameters
Posted: Thu Jun 15, 2006 2:10 pm
by jmill15
I have my website setup on an external webserver. I also have some pages setup on our AS/400 that are accessible via the web. The idea here is that customers go to my website and create a profile. They enter in various information including their Customer Number (custno). This information is stored in the password.csv file which is stored on my web hosting services' server. I want my customers to be able to log in to my website with their profile they set up and then click on a link that directs them to my internal server which has their invoice history. I have both parts set up and working, but I need to be able to pass that custno field value based on that customer signing in to my site. Is is possible to pass that variable in a hyperlink for each individual customer that logs in so it only brings up their invoices? I feel like I can use a script of some kind to do this but would prefer not to have to unless it is necessary. If a script is the only way, can anyone help me in getting started writing one. I am new to PHP. Thanks
Re: Passing variable parameters
Posted: Thu Jun 15, 2006 2:28 pm
by poeta_eletrico
jmill15 wrote:I have my website setup on an external webserver. I also have some pages setup on our AS/400 that are accessible via the web. The idea here is that customers go to my website and create a profile. They enter in various information including their Customer Number (custno). This information is stored in the password.csv file which is stored on my web hosting services' server. I want my customers to be able to log in to my website with their profile they set up and then click on a link that directs them to my internal server which has their invoice history. I have both parts set up and working, but I need to be able to pass that custno field value based on that customer signing in to my site. Is is possible to pass that variable in a hyperlink for each individual customer that logs in so it only brings up their invoices? I feel like I can use a script of some kind to do this but would prefer not to have to unless it is necessary. If a script is the only way, can anyone help me in getting started writing one. I am new to PHP. Thanks
Hi,
Well, if I understood you quite well - why dont you "encrypt" and append it (custno var) to the url of your link like href="yourlink.php?custno=xxx" - so when u get there, u can check it first in the header and then save it as a session or whatever u intend to do with it...
I hope this can help u...if i understood you correctly.
Bye,
Poeta_Eletrico
Posted: Thu Jun 15, 2006 3:11 pm
by jmill15
I think you understand what I am trying to do. I would like to append it to my URL. What exactly are you referring to when saying "custno=xxx". What are the xxx's for? As I said earlier, I am new to PHP and don't fully understand it yet. Thanks
Posted: Thu Jun 15, 2006 3:20 pm
by Christopher
If you create a HTML link like:
Code: Select all
<a href="http://www.yourserver.com/yourpage.php?custno=1234">Customer Link</a>
In the PHP page "yourpage.php" the value is available in the $_GET superglobal:
Code: Select all
<?php
echo "The customer number is ' . $_GET['custno'];
?>
Which should display:
The customer number is 1234
I should also note that your system is very insecure.
Posted: Thu Jun 15, 2006 3:27 pm
by jmill15
Well i can't just append a static custno to the link because depending on which customer signs in, i need that variable to pull their custno from my csv file. Please elaborate on why my system is insecure. Thanks
Posted: Thu Jun 15, 2006 3:53 pm
by RobertGonzalez
What you need to do is capture their customer number when they login (which should be validating against some known information source that would hold their username, password, customer number, etc). When they log in, grab their customer number and redirect them to your other site with the customer number appended to the query string.
Like arborint said, this is very insecure and I would HIGHLY RECOMMEND YOU DON"T USE THIS METHOD. You may want to look at moving the login process from the first server and putting everything onto the server that houses the invouices.
Posted: Thu Jun 15, 2006 4:35 pm
by jmill15
They sign in with a username and password but i was hoping the session ID would grab their other data as well and i would be able to pass the custno to the other server. We have had security concerns about passing that value too but we don't know enough about it to really know what's best. I am open to any suggestions or knowledge anyone has about the best way to handle this situation. Thanks