8 Replies - 1305 Views - Last Post: 26 January 2009 - 10:48 AM Rate Topic: -----

#1 kim_mc   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 13
  • Joined: 23-January 09

Passing Variables in php

Posted 23 January 2009 - 10:17 AM

I am new to php, but have made *some* progress on a php project I'm working on. However, I have hit a wall with one thing (so far!) and need help figuring it out.

The project scope is basically to add a few password protected pages to a site. If a user is logged in, allow them to view the secure pages, if not, they have to go log in before viewing the secure content.

So far I can get the user to log in, if they enter the correct password ($pwd) and it matches the password stored in the database ($realPwd), it takes them to a "Welcome Member!" page. The Welcome Member page links to other pages that should be secure. If the user did not give the correct password, it gives an error saying "Sorry, wrong password, please try again" with a link to the log in page.

This is what confuses me: when I click a link on the Welcome Member page to go to another secure page ("A_secure_page"), it does NOT pass the $pwd variable; only the $realPwd variable. I have used the same code on the Welcome Member page as the A_secure_page, calling the same variables and including the same pages.

The code layout basically looks something like this for the Welcome Member and A_secure_page:

<? 
 session_start(); 
 include("connectDB2.php"); 
 include("checkPassword.php"); 

 if ($pwd == $realPwd){
?>
	 [HTML Code with hidden/secure info]
<?
}
else {
	echo "Sorry, you entered the wrong password or have not logged in.";
	echo "<br />Please <a href='login.htm'>try again</a>.";
	}
?>



The checkPassword.php code looks like this:

<? 
 session_start(); 
 include("connectDB2.php"); 
 
 //give out all the variables which need to be used.
$_SESSION['pwd'] = $pwd;
$_SESSION['submit'] = $submit;
$submit = $_REQUEST["submit"];
$pwd = $_REQUEST["pwd"];
//$pwd = $_POST['pwd']; --> does nothing for A_secure_page

$query = "SELECT * FROM storeLogin"; 
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$realPwd = $row['password'];
$_SESSION['realPwd'] = $realPwd; 




I do not understand why this works for Member Page but not A_secure_page. Could someone please explain? This may not be the best way to go about doing this, but it is the best I have so far.

Is This A Good Question/Topic? 0
  • +

Replies To: Passing Variables in php

#2 CTphpnwb   User is online

  • D.I.C Lover
  • member icon

Reputation: 3786
  • View blog
  • Posts: 13,715
  • Joined: 08-August 08

Re: Passing Variables in php

Posted 23 January 2009 - 10:31 AM

Unless connectDB2.php gets your form data the variable $pwd will be unset when you set the session variable:
<? 
 session_start(); // ok so far...
 include("connectDB2.php"); // Does this get form data and set $pwd?
 
 //give out all the variables which need to be used.
$_SESSION['pwd'] = $pwd; // If not, $pwd will set $_SESSION['pwd'] to null.



Was This Post Helpful? 0
  • +
  • -

#3 kim_mc   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 13
  • Joined: 23-January 09

Re: Passing Variables in php

Posted 23 January 2009 - 10:44 AM

View PostCTphpnwb, on 23 Jan, 2009 - 09:31 AM, said:

Unless connectDB2.php gets your form data the variable $pwd will be unset when you set the session variable:
<? 
 session_start(); // ok so far...
 include("connectDB2.php"); // Does this get form data and set $pwd?
 
 //give out all the variables which need to be used.
$_SESSION['pwd'] = $pwd; // If not, $pwd will set $_SESSION['pwd'] to null.




The only thing connectDB2.php does is connect the to the (mysql?) database. It gives the password, username, etc. The checkPassword.php (code on first post) is what should get the form data & set $pwd. Both need to get the form data & set the $pwd?

Would I just copy the same code from checkPassword and put it on connectDB2?
Was This Post Helpful? 0
  • +
  • -

#4 CTphpnwb   User is online

  • D.I.C Lover
  • member icon

Reputation: 3786
  • View blog
  • Posts: 13,715
  • Joined: 08-August 08

Re: Passing Variables in php

Posted 23 January 2009 - 11:20 AM

You understand that no one but you knows what is in connectDB2.php, right?


Where is your code that checks the form data? There should be something like:

$pwd = $_POST['pwd'];

or

$pwd = $_GET['pwd'];


It wouldn't hurt to use some security too:
http://www.php.net/mysql_escape_string

This post has been edited by CTphpnwb: 23 January 2009 - 11:20 AM

Was This Post Helpful? 0
  • +
  • -

#5 kiwi2   User is offline

  • D.I.C Head
  • member icon

Reputation: 8
  • View blog
  • Posts: 178
  • Joined: 16-September 08

Re: Passing Variables in php

Posted 24 January 2009 - 01:38 AM

check the page to see if you have the details that you need.
1.check the session is not empty by either echoing out the variables to the page in question.
2.Better still constuct an error statement to check-up on your variables eg
if($_SESSION['pwd'] == " ")
{
ect
}
Was This Post Helpful? 0
  • +
  • -

#6 kim_mc   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 13
  • Joined: 23-January 09

Re: Passing Variables in php

Posted 26 January 2009 - 08:35 AM

Hi kiwi2 and CTphpnwb,

Thanks for your replies. If I understand what you're saying ...

1) connectDB2.php simply connects the session to the database, it doesn't get the $pwd variable. I was planning on using checkPassword.php to do that (and include it on all the pages that needed to be checked for security).

2) I was using the code "$_SESSION['pwd'] = $pwd;" on checkPassword.php to declare the $pwd variable from the form data. If you look at the original code posted for checkPassword.php, at one time I tried putting "$pwd = $_POST['pwd'];" under the section where I declared all the variables I needed, but when I ran it, it still did nothing for A_secure_page.

To give you a better idea as to how I am attempting to approach this, here is the overall layout:
a) Enter password ($pwd) on login.htm
B) Action on login.htm form goes to Welcome Member page. If $pwd matches the real password ($realPwd) being stored in database table. If not, Welcome Member gives an error & links back to login page
c) The successful Welcome Member page links to A_secure_page
d) Welcome Member page also includes checkPassword.php
e) A_secure_page includes checkPassword.php (to make sure no one is accessing it w/o first entering a valid password), and gives other links to secure pages.

Again, the problem is that A_secure_page does not allow me to access it even after entering a valid $pwd on login, and accessing the Member Page successfully.

Please let me know if this helps or where I need to be more clear. Thanks!
Was This Post Helpful? 0
  • +
  • -

#7 CTphpnwb   User is online

  • D.I.C Lover
  • member icon

Reputation: 3786
  • View blog
  • Posts: 13,715
  • Joined: 08-August 08

Re: Passing Variables in php

Posted 26 January 2009 - 09:31 AM

Look at comments to see what this code does:
<?
 session_start(); // starts session, carrying over previously set session variable.
 include("connectDB2.php"); // Inserts your code from connectDB2.php file, which you say only connects to database.
 

$_SESSION['pwd'] = $pwd; // Since $pwd is unset at this point, $_SESSION['pwd'] is set to null

I don't think that's what you intended.
Was This Post Helpful? 0
  • +
  • -

#8 kim_mc   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 13
  • Joined: 23-January 09

Re: Passing Variables in php

Posted 26 January 2009 - 10:31 AM

You are correct, setting $pwd to null is not what I intended. Clearly, I am a php beginner.

Why is $pwd being set to null for A_secure_page, but not the Member Page, when both have the same code (with the exception of what's written on the HTML part) and call checkPassword.php?
Was This Post Helpful? 0
  • +
  • -

#9 CTphpnwb   User is online

  • D.I.C Lover
  • member icon

Reputation: 3786
  • View blog
  • Posts: 13,715
  • Joined: 08-August 08

Re: Passing Variables in php

Posted 26 January 2009 - 10:48 AM

Can't say without seeing the code, but I assume that something sets $pwd to a value other than null.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1