passing variables to another page

skdzines

I'm wondering if someone could tell me why my variables are not being passed to the next page? I have a simple test script that I'm using to check a db to see if a user exists and if so, it passes the variable $name to the next page and displays it. However, everything works except the passing of the variable $name.

This is the script to enter the username and password to be checked:
index2.php

<?
include 'connect_var.php';
include 'connect.php';

if ($_POST['Submit']){
	if(empty($username)){
		$error="You must enter your username";
		echo("<font color='990000'>$error</font><br>\n");
	}
	if(empty($password)){
		$error="You must enter your password";
		echo("<font color='990000'>$error</font><br>\n");
	}
}
if($username && $password){
	$login=mysql_fetch_row(mysql_query("SELECT username, password, name FROM user WHERE username='".addslashes(trim($username))."'"));
	$name=$login[2];
	if($login[0] != $username){
		echo("<font color='990000'>That username was not found in our database</font><br>\n");
	}
	if($login[1] != $password){
		echo("<font color='990000'>Incorrect Password</font><br>\n");
	}
	else{
		header("Location: http://www.mysite.com/project/member_area.php");
	}	
}
echo("
<html>
<head>
<title>XYZ Login</title>
</head>

<body>
<form method='post' action='/project/index2.php'>
  <table width='251' border='0' cellspacing='0' cellpadding='0'>
    <tr>
      <td width='71'>Login<br><br>
        </td>
      <td width='180'>&nbsp;</td>
    </tr>
    <tr>
      <td>username:</td>
      <td><input name='username' type='text' size='30'></td>
    </tr>
    <tr>
      <td>password:</td>
      <td><input name='password' type='password' size='30'></td>
    </tr>
  </table>
  <p>
    <input type='submit' name='Submit' value='Submit'>
  </p>
</form>
</body>
</html>");
?>

The page the variable $name is being passed to looks like this:

member_area.php

<?
$name=$_POST['name'];
echo("
<html>
<head>
<title>XYZ Member Area</title>
</head>

<body>
Hello $name
</body>
</html>");
?>

I have also tried using hidden fields to pass it and tried using $name=$HTTP_POST_VARS['name'];

Thanks in advance for your help.

xlordt

Your code:

if ($_POST['Submit']){ 
    if(empty($username)){ 
        $error="You must enter your username"; 
        echo("<font color='990000'>$error</font><br>\n"); 
    } 
    if(empty($password)){ 
        $error="You must enter your password"; 
        echo("<font color='990000'>$error</font><br>\n"); 
    } 
} 
if($username && $password){ 
    $login=mysql_fetch_row(mysql_query("SELECT username, password, name FROM user WHERE username='".addslashes(trim($username))."'")); 
    $name=$login[2]; 
    if($login[0] != $username){ 
        echo("<font color='990000'>That username was not found in our database</font><br>\n"); 
    } 
    if($login[1] != $password){ 
        echo("<font color='990000'>Incorrect Password</font><br>\n"); 
    } 
    else{ 
        header("Location: [url]http://www.mysite.com/project/member_area.php[/url]"); 
    }     

}

My code:

if ($_POST['Submit']){ 

if(empty($username)){ 
    $error="You must enter your username"; 
    echo("<font color='990000'>$error</font><br>\n");
    exit; 
} 

if(empty($password)){ 
    $error="You must enter your password"; 
    echo("<font color='990000'>$error</font><br>\n");
    exit;
} 

if($_POST['username'] && $_POST['$password']){ 
    $login=mysql_fetch_row(mysql_query("SELECT username,   

    password, name FROM user WHERE username='".addslashes(trim($username))."'")); 
    $name=$login[2]; 

if($login[0] != $username){ 
        echo("<font color='990000'>That username was not found 
in our database</font><br>\n"); 
         exit;
    } 

if($login[1] != $password){ 
    echo("<font color='990000'>Incorrect Password</font><br>\n");
    exit; 
} 
else{ 
    header("Location: [url]http://www.mysite.com/project/member_area.php[/url]"); 
}     
 } 
}

skdzines

Thanks xlordt but it's still not working. I tried the changes you had made, but it was skipping validating the username and password altogether. It would still check to makes sure something was entered and tell you if there wasn't, but only display one error message at a time because you were using exit;

If I entered the correct username and password, it wouldn't validate them, it would simply just clear the fields and do nothing once submitted. It never took me to the next page.

Any other ideas?

Thanks again.

xlordt

sorry my fault i forgot to close this part

if($_POST['username'] && $_POST['$password']){  

    $login=mysql_fetch_row(mysql_query("SELECT username,    

    password, name FROM user WHERE username='".addslashes(trim($username))."'"));  

    $name=$login[2];  

if($login[0] != $username){  

        echo("<font color='990000'>That username was not found 
in our database</font><br>\n");  

         exit; 
    }  

header("Location: [url]http://www.mysite.com/project/member_area.php[/url]");
}

other codes here

that way if the usersname and password is entered then it checks to make sure its in the db, if it still does not work.. then i will run it and check it out for you once i get off from work 😉 good luck, btw you dont need the else there the one at the button, you can just simply add it the way i did it just says that if the username and passwd is incorrect then echo error and stop, else execute the hearder part and it would be better if you just used.. mysql_fetch_array(), and mysql_num_rows() would work easyer for ya 😉

skdzines

Well, it still doesn't seem to want to pass the variable $name to the member_area.php page. Everything else works beautifully. Is it because I'm using the header function instead of making the form action='member_area.php'? Although, if I were to do that, then it wouldn't perform the error checking unless I placed it within the member_area.php to be performed, correct?

Also, I've never used mysql_numrows(); how does it work and how are the values stored in the array? I know the values are stored like this $login[0], $login[1] in mysql_fetch_row and like this in mysql_fetch_object, $login->username and $login->password.

Thanks again for your help.

skdzines

Any other ideas, anybody?

pjleonhardt

you need to set

Header("Location: http://www.mysite.com/project/member_area.php?name=$username");

and then on
member_area.php

$name = $_GET['name'];

skdzines

Thank you pjleonhardt. I tried appending the variable to the end of the header that way earlier, but I didn't use $GET in the member_area.php. I was using $HTTP_POST_VARS and $POST instead. It works now.

Although is there any other way to do it so that it won't show the variables in the URL when using the header function and doing error checking? I know I can get it to work if I don't do any error checking by setting the form action to member_area.php.

Thanks

pjleonhardt

cookies or sessions

feldon23

Header dumps any kind of $GET or $POST.

You should re-think how you're doing this.

In my case, I have a small stub script login.php and then depending on what function they want to do, if the user is logged in, then I require(); one of those function scripts. And all of those function scripts check to see if you are logged in.

skdzines

feldon23, could you give me an example of what you mean using the same premise as what I'm trying to accomplish? Basically, I want it to do what it is doing by first checking that the user entered something and then validating the username and password entered before giving access. Once logged in, I want it to pass the variable $name and $username to the next page. From there I will have it query the db by the username passed to pull and display their last order and other information.

However I don't want it to show the values passed in the URL. I don't know any other way to do the error checking and then pass the values if no errors other than the header function. I've also never used sessions and don't know how.

I would really appreciate it.

Thanks

pjleonhardt

Originally posted by feldon23
Header dumps any kind of $GET or $POST.

You should re-think how you're doing this.

In my case, I have a small stub script login.php and then depending on what function they want to do, if the user is logged in, then I require(); one of those function scripts. And all of those function scripts check to see if you are logged in.

if you say
Header("Location: page.php?id=$id");

it does NOT dump the $_GET

when you are transferred to the page you will see

http://..../page.php?id=45

or w/e

and you can still get it using $_GET

ive done it

feldon23

<? 
require('connect_var.php');
require('connect.php');
$PHP_SELF=$_SERVER['PHP_SELF'];

unset($error, $_GET['error'], $_POST['error'], $_SESSION['error']);

if(!$_POST['username']){
  $error .= "You must enter a username.<br>\n";
}
if(!$_POST['password']){
  $error .= "You must enter a password.<br>\n";
}
if($_POST['username'] && $_POST['password']){ 
  $login=mysql_fetch_row(mysql_query("SELECT username, password, name FROM user WHERE username='".
    addslashes(trim($username))."'")); 
  $name=$login[2];
  if($login[0] != $username){
      $error .= "The username $username was not found in our database.";
  } 
  if($login[1] != $password){ 
      $error .= "You have entered an incorrect password for the account $username.";
}

if (!$error) {
  session_start();
  $_SESSION['username'] = $username; // Successfully logged in
  $_SESSION['password'] = $password; // create session and
  require("member_area.php");        // pass control to member_area.php.
} else {

// Not logged in

$html=<<<HEREDOC
<html>
  <head>
    <title>XYZ Login</title>
  </head>
  <body>
    You could not be logged in because of the following problem(s):<br>
    <font color="990000">$error</font><br>
    <form method="POST" action="$PHP_SELF">
      <table width=251 border=0 cellspacing=0 cellpadding=0>
        <tr>
          <td width=71>Login</td>
          <td width=180>&nbsp;</td>
        </tr>
        <tr>
          <td>Username:</td>
          <td><input name="username" type="text" size="30" value="$username"></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input name="password" type="password" size="30"></td>
        </tr>
      </table>
      <p><input type="submit" name="Submit" value="Submit"></p> 
    </form>
  </body>
</html>
HEREDOC;

echo $html;
?>

I changed your include() to require() because if include() fails, you don't even get an error message, your script runs anyway. I think because this is a security script you'd rather the whole script die if one of those files can't be loaded.

If they have some kind of error, then it displays the login form which points back to this php file.

If they entered a username, go ahead and fill in the form with it.
Display the error above the form. Your old script was displaying the error message before the <html> tag. Not good!

The only problem I see is that

HEREDOC makes life so much easier. You can mix and match slashes and variables (but not PHP code).

Now in all your other scripts which are member's only, just

if (!$_SESSION['username'] or !$_SESSION['password']) {
// use header() command here
}

feldon23

My only concern is that if all those conditions fail, it might be possible to gain some level of access, albiet with no username or password.

It's probably better to check their username and password and GRANT access if it's found, rather than FAIL on a variety of conditions.

I hope that makes sense.

skdzines

Thank you feldon23. I'll try messing with what you showed me tomorrow when I have more time. So is the HEREDOC sort of like echo?

Thanks.

By the way, could you please look at my next post?

skdzines

oh feldon, one more thing. I'm wondering if you might know a way for me to do this, Say I have product list with a half dozen products in it for sale. The products would have $productName, $productPrice and $productQty. I want to be able to have the user enter the qty they wish to purchase in the productQty text box and then add it to the cart. At that point it will redirect to the next page and display the total of their selections. So it will display the $productName, $productQty and then the total ($prodcutQty * $productPrice) then add all of the product totals together for an overall total.

I can get it to work correctly by doing it this way:

if($ClubsQty){
	$clubPrice = 499.99;
	$clubTotal = $ClubsQty * $clubPrice;
	$clubDesc = "Golf Clubs";

}
if($BallsQty){
	$ballsPrice = 32.99;
	$ballsTotal = $BallsQty * $ballsPrice;
	$ballsDesc = "Golf Balls";
}
if($GloveQty){
	$glovePrice = 12.99;
	$gloveTotal = $GloveQty * $glovePrice;
	$gloveDesc = "Golf Glove";
}

$orderTotal=$clubTotal + $ballsTotal + $gloveTotal;

But if I have hundred products, I don't want to have to do this for every product. I want to be able to store it in an array or hash and do a loop until there are no more products to calculate but I don't know exactly how to do it. I have an idea but I guess I don't know how to set it up so the correct qty is associated with the correct product and price.

Hope you can lead me in the right direction.

Thanks

By the way, could you please look at my last post? Just in case you missed it?

skdzines

feldon23, thank you for the help again. I tried the modified script you gave and it works. Only one thing though, as soon as you go to the login page, it already displays the errors saying 'No username found ' and ' Incorrect login'. This shouldn't display unless they have typed one in. I can't seem to get it to work with the way you have it set up.

On my form I used if (isset($Submit)){ around the error checking and it worked, but it doesn't seem to want to with yours.

Any suggestions?

Thanks