How to insert a value to a hidden field?

raladin

Hi..

I finnished my VB Program that grabs the Physical HDD Serial and I included an invisible "WebBrowser Control".. so now I programmed that Program to send the serial to a PHP file : http://www.mysitename.com/register.php?serial=(Serial No. grabbed)..

So now.. how to make this PHP file gets this value and put it in a hidden field in it? (The register.php page contains a Registration Form like : Desired Username & Password, Telephone No...Etc.)

So the VB Program will open : http://www.mysitename.com/register.php?serial=(Serial No. grabbed).. and then the PHP page will put the serial number whith the form as a hidden value that can't be changed by a user.. and when the form submitted to the mySQL Database.. all the imformation will be inserted to the database includes the serial number..

And the same at the login.php page.. it will grab the serial as a hidden value.. but at this time there will be a verification between the serial grabbed and the one in the database. (The login.php page of course includes two fields "Username & Password" so.. after verifiying these two fields.. then the page will check the grabbed serial with the one at the database for this user.. if they are the same then it will redirect him to another page..

A very important notice : the "WebBrowser Control" is invisible.. so the pages that will be opened will not be shown for the user.. so how can he enter the login information?

My project is an E-Learning System.. and I will use the HDD Serial as a verification. (Because I want every account works only on one PC) so the serial number will be added in the registration form to the database and at the login page will be as a proof that this PC had the same serial in the database.. so he can start the lessons..

I don't want the user to see the URL of the PHP page.. because he will see the serial number and he can easylly change it.. and at the same time as I said.. if I made the "WebBrowser Control" invisible.. the user will not see the registration and login forms 🙂. So how to solve this?

Waiting your replies..

Thanks for advance 🙂

cheers,,

The_Chancer

Why not leave it in the URL - and do something like rot13 and base64encode, then reverse at the other end...

Putting it into a hidden form field will still leave it visible for anyone who wants to change it.

raladin

But is it secure to use that?

raladin

What about if the user copied this new value and use it every time he login? 🙂

I want every account only for one PC.. I don't want it for more that one PC...

I'm saying in an invisible "WebBrowser Control" inside the Visual Basic.. did you get my meaning? But the problem is that the program will send the serial to the PHP page using the WebBroswer Control.. but it is invisible.. so how to how the Form 🙂?

So wha to do?

cheers..

raladin

What is the solution??!!!!

The_Chancer

When the WebBrowser Control send the info to the PHP script - this is hidden. The script then processes the request.

You could then get the script to launcha new page using header() and deal with it from there.

Does the WebBrowser Control do this every time, and is the serial number checked every time ?

WebBrowser gets serial ->
Pass to hidden PHP script
- Script gets relavent info (row num?) from database to verify
- Script launches new page - with only the row number in hidden field->
Visible PHP HTML page in web browser
- Input user & pass
- Login sript verify row number from hidden field against user and pass.

Is that the sort of schema you were looking for ?

//edit
This is a help forum... Please and thank you go a long way - noone is paid!

raladin

Ya.. Just what I'm looking for..

Now what I want from you is a help.. how to take the header in PHP as you said.. this will be the solution for my problem..

regards..

The_Chancer

Ahh thats easy... just look at http://www.php.net/header and you will find your answer...

raladin

Coool! man..

And you mean that header is as a cookie for PHP (For example)? it takes a value and then continue to another page with the same value..right?

The_Chancer

You can set the information required as a session var - then user the header(location) to redirect to the new page then get the session var back for the hidden part of the form.

header(location=http://page.php?info=this)

sort of thing - then refer as $_GET['info']

All up to you...

raladin

I see..

so this will take the value to another page.. but how to set the hidden field in the second page?

I mean after the value has benn taken to the other page.. where it will be (Wich field)? or it automatically creates a hidden field in that page?

regards..

The_Chancer

Yeah - just use the <input type=hidden> tag...

raladin

Or what about using some Text Boxes inside my VB program.. then I will use an invisible "WebBrowser Control" to ope any hidden URL.. and every thing will be shown by the VB of course imported from the PHP and mySQL..

Thanks alot for your help dude..

regards..

The_Chancer

As to hiding a value in a VB form, can't you sat the value of a text box and set its attribute to hidden ?

slak

There's no way of making your application 100% unbeatable. SSL and an additional layer of encryption is your best bet.

Programs such as Ethereal can view exactly what is being sent and received from your website.

raladin

Of course slak.. but I must do something hard to hack and although you knew what is going.. you cannot hack it..

The Chancer.. of course.. every thing can be hidden dude..

cheers..

slak

Can you have your VB program send the login details to your server and if accepted, open a browser window with a temp UID so the user is automatically logged in?

i.e;

VB prog. gets HD serial, username and password.

VB prog. sends this info to your website.
Website accepts HD serial, username and password as valid.
Website informs VB prog. of this and issues a unique id.
VB prog. opens web browser with the unique id in the querystring.
User is logged in.

No need for HTML or hidden form fields etc.

slak

ActiveX would also work for most platforms.

raladin

But the user can get this UID and then open it on every PC

So the account will work on all PCs. I want every account for one PC only..

I tried ActiveX.. VB EXE files more better..

cheers..

slak

I may not have explained it properly...

Once the serial, user and pass have been accepted - your website will send the VB program a temporary id. The VB program will then open a browser window with this ID in the query string - obviously your php script will delete this ID as soon as it has been requested so it can only be used once. That one time will be from the PC which has the correct serial.

It's still not fool proof. Other checks to include after the querystringed browser is opened is perhaps a cookie that the VB program creates, a session or by IP.

I'm of the opinion that ActiveX would be the better option.