I have this page I am working on which is a sort of a game.
From page to page I am passing the user name like this
index:
<form method="GET" action="start.php">
<label> Name: </label>
<input type="text" name="username"><br>
<input type="submit">
</form>
Where I retrieve the name on the second page like this:
<?php
session_start();
$_SESSION['username'] = $_GET['username'];
?>
-
<?php
session_start();
if(isset($_SESSION['username'])){
echo "Welcome: " . $_SESSION['username'];
}
else{
echo "Name is unknown";
}
?>
And also on the third:
<p>
<?php
session_start();
echo $_SESSION['username']
?>
</p>
And this code is working just fine. Now I was making an if statement which, when ever you don't enter a name, you won't continue to the next page. I added this code to the first page and this is working for the first page.
<?php
session_start();
$_SESSION['username'] = $_GET['username'];
if($_SESSION['username'] != "")
{
header("Location: start.php");
}
?>
So after adding this, you won't go further unless you do enter a name. But by doing this for a reason I don't know yet and couldn't find, the $_SESSION['username'] = $_GET['username']; isn't working and the names are not passed through
This is the link if you like to play: http://i333180.iris.fhict.nl/site
(not finished yet)
These are your problems:
1- You don't need to use more than one session_start() in a file.
2- you have closed php tag in the second code and then countinued the PHP coding.
3- before session_start(), it must not send any header or echo anything. In the 3rd code, you have echoed tag before session_start().
4- same as session_start(), you must not send any header or echo anything before calling header function. Be sure in the 4th page, you do not have anything echoed before header().
Related
I have a simple HTML script:
<form action="" method="post">
<input type="text" name="amount">
<?php echo $amountError; ?>
<input type="submit">
</form>
And I display errors using this:
<?
$amount = $_POST['amount'];
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (empty($_POST['amount'])) {
$amountError = 'Empty amount';
} else {
header("Location: apmoketi.php");
}
?>
In the apmoketi.php file there is only one line
echo $amount = $_POST['amount'];
However, when I'm trying to display data in the apmoketi.php page, I don't get the value of the $amount variable using action="", but using action="apmoketi.php" I can get it but my PHP code doesn't checking for any errors, why?
A call to header("Location: apmoketi.php"); makes the browser follow the specified URL as another, completely separate request. This new request doesn't have access to the POST data of the previous one.
Your options:
use include so apmoketi.php has access to the variables of the current script
use sessions to preserve data between requests
use a query parameter to carry the value over:
header('Location: apmoketi.php?amount=' . urlencode($amount));
When you redirect to header("Location: apmoketi.php");, the variables are no longer in $_POST[] so you need to set a session variable before you redirect:
$_SESSION['amount'] = $amount;
the way i do it is i have a folder called action with subfiles in there lets say the file called file2 in this file all the php action happens.
and in the root of my folder i have another file called file1 and in here theres the html and now how i would do it is
<form action="action/file2.php" method="post">
<input type="text" name="amount">
<?php echo $amountError; ?>
<input type="submit">
</form>
I am looking to develop a website containing stages. I want for example to pass by the stage 2 only when i click on the finish button in the page of stage 1 so the stage 2 page can't be accessible by its url or whatever only if the user pass by another page.
Is there a method to do this ??? i am a beginner in security so please try to help me, thanks in advance coders
Make use of sessions to develop this model.
index.php
<?php
#extract($_POST);
if(isset($sub))
{
session_start();
$_SESSION['authenticate']=true;
header("location:test1.php");
exit;
}
?>
<form action='' method="post">
<input type="SUBMIT" name="sub" value="Finish" />
</form>
open.php
<?php
session_start();
if(!isset($_SESSION['authenticate']))
{
echo "You are not allowed to access";
}
else { echo "You came from index.php ! so you are a valid user"; }
session_destroy(); //<-- I added this so you can test your example multiple times.
I think, this show work :)
Use can either redirect your user directly from index.php to open.php
header('Location : open.php');
Or,
in open.php, put this
if($_SERVER['HTTP_REFERER'] == 'index.php page's full link') {
//Do or Show whatever you want to show here
} else {
// Tell the user that you are not authorized
}
If that doesn't work, echo $_SERVER['HTTP_REFERER'] and see what link it gives you. And put that link where specified above.
Cool? :)
Edit (As per the comments) --
Lets say you have a form in your form in stage1.php
<form method="post" action="">
<span class="error"><?php echo $error; ?></span>
Name: <input type="text" name="name"><br/>
Email: <input type="text" name="email"><br/>
<input type="submit" name="submit" value="Submit">
</form>
use this php in stage1.php
if (isset($_POST['name'])||isset($_POST['email'])) {
if (!empty($_POST["name"])||!empty($_POST["email"])) {
$error = "Please fill in all the fields correctly";
}
else {
$name = $_POST['name'];
$email = $_POST['email'];
//You can also save the above Variables Globally by $GLOBALS['name'] = $_POST['name'];
//So that you can use the details when you reach the final stage
header('Location : stage2 page's link');
}
}
?>
and in Page 2 lets say you have another form, then there also check
<?php
if(!empty($name)||!empty($email)) {
//the above is check for global variables email and name are not empty - means stage 2 was filled properly
//Do things for the second page's form like you did for stage 1
} else {
header('Location : stage1 page's link');
//redirect back to stage 1.
}
?>
I want to use back option on php without losing the form data.
I've tried this way;
if ($username==""){
echo 'Please fill. <input type="button" value="Back" onClick="history.back()">';
} else{
$doaction;
}
And this way;
$url= $_SERVER['HTTP_REFERER'];
if ($username==""){
echo "Please fill.";
header("refresh: 2; url=$url");
}
else{
$doaction;
}
On both ways I lose my data. How can I make this better?
This worked for me and using ob_start(); (in PHP below) needs to be included, otherwise it will throw an error, such as:
PHP Warning: Cannot modify header information - headers already sent by (output started)
Use the following exactly as shown, then modify to suit later.
Using Sessions is a way to achieve this. Each field will re-appear in the input boxes, if they were filled.
HTML form (form.php)
<?php
session_start();
?>
<form method="post" action="submitted.php">
<p>
<label for='name'>Your Name:</label>
<br>
<input type="text" name="username" value="<?php echo isset($_SESSION['username']) ? $_SESSION['username'] : '' ?>">
</p>
<p>
<label for='name'>Email:</label>
<br>
<input type="text" name="email" value="<?php echo isset($_SESSION['email']) ? $_SESSION['email'] : '' ?>">
</p>
<input type="submit" name="submit" value="Submit">
<br>
</form>
PHP (submitted.php)
<?php
ob_start();
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['email'] = $_POST['email'];
$url= $_SERVER['HTTP_REFERER'];
$username=$_POST['username'];
$email=$_POST['email'];
// use this one below, if you want to check more than one field
// if (empty($_POST['username']) || empty($_POST['email']) ){
if (empty($_POST['username'])){
echo "Fill in all fields.";
header("refresh: 2; url=$url");
}
else{
echo "OK, redirecting back to show fields are showing, or not.";
header("refresh: 2; url=$url");
}
Your approach reloads the formular, so the webserver will send a clean form to the client. If you want a prefilled form you will have to use a PHP script which knows the formerly filled in values and creates a prefilled form.
In the code you have used, (assuming you have a form further up) there is no data being passed between the pages because nothing is telling the script to transfer the data between that page and it's destination.
In your first example, history.back() simply tells the browser to go back to the last page viewed before the current one. In your second example, your header line essentially just tells the browser to go back to the previous page after two seconds.
To keep data between page transfers, without any further knowledge of what you're doing, I would suggest using JavaScript to fetch your form data and pass it into a URL used in a window.location call (forming a GET request with your form data in it), OR by using javascript to set a cookie containing the data input before you tell the browser to switch page.
In the first solution, you could then use php's $_GET global to access your form data.
In the second solution, you could use javascript to re-populate the form on page load (or at will)
I can pass values form one page to another but I need to pass value like this,
Page 1:
Page4.php
Page3.php
I need to pass the value in a text field in the Page1.php to a text field in Page2.php, since the form is not directly redirectly to page2, I am unable to pass the value, I tried session, form post method and few other methods but I am yet to succeed.
I would be very happy if you can help me with the code or some suggestions.
Thanks!
Edit..........
I found the answer, thanks for the help, it was actually a careless mistake on my part, I used $_post instead of $_session.
Its working now.
Thanks for the help.
Use something like this:
page1.php
<?php
session_start();
$_SESSION['myValue']=3; // You can set the value however you like.
?>
Any other PHP page:
<?php
session_start();
echo $_SESSION['myValue'];
?>
A few notes to keep in mind though: You need to call session_start() BEFORE any output, HTML, echos - even whitespace.
You can keep changing the value in the session - but it will only be able to be used after the first page - meaning if you set it in page 1, you will not be able to use it until you get to another page or refresh the page.
The setting of the variable itself can be done in one of a number of ways:
$_SESSION['myValue']=1;
$_SESSION['myValue']=$var;
$_SESSION['myValue']=$_GET['YourFormElement'];
And if you want to check if the variable is set before getting a potential error, use something like this:
if(!empty($_SESSION['myValue'])
{
echo $_SESSION['myValue'];
}
else
{
echo "Session not set yet.";
}
Solution using just POST - no $_SESSION
page1.php
<form action="page2.php" method="post">
<textarea name="textarea1" id="textarea1"></textarea><br />
<input type="submit" value="submit" />
</form>
page2.php
<?php
// this page outputs the contents of the textarea if posted
$textarea1 = ""; // set var to avoid errors
if(isset($_POST['textarea1'])){
$textarea1 = $_POST['textarea1']
}
?>
<textarea><?php echo $textarea1;?></textarea>
Solution using $_SESSION and POST
page1.php
<?php
session_start(); // needs to be before anything else on page to use $_SESSION
$textarea1 = "";
if(isset($_POST['textarea1'])){
$_SESSION['textarea1'] = $_POST['textarea1'];
}
?>
<form action="page1.php" method="post">
<textarea name="textarea1" id="textarea1"></textarea><br />
<input type="submit" value="submit" />
</form>
<br /><br />
Go to page2
page2.php
<?php
session_start(); // needs to be before anything else on page to use $_SESSION
// this page outputs the textarea1 from the session IF it exists
$textarea1 = ""; // set var to avoid errors
if(isset($_SESSION['textarea1'])){
$textarea1 = $_SESSION['textarea1']
}
?>
<textarea><?php echo $textarea1;?></textarea>
WARNING!!! - This contains no validation!!!
I'm trying to save a session variable in one of my script and it seems to work fine for a portion of the script, however, it gets dropped in the second part of my code. I've echoed every line and can't figure out why this is happening. Also, this code was working just fine before, but ever since I switched servers, it seems to be malfunctioning. I don't think it's the session save path because the first part of the code works fine. Here is the basic outer structure of my code (I've removed all the irrelevant parts to save space):
<!--raw-->
<?php
session_start();
include 'config.php';
?>
<html>
<body>
<form id="driver_record" method="post" action="<?php echo htmlentities($PHP_SELF); ?>">
Enter Driver Number: <input type="text" name="driver" />
<input type="submit" value="Submit" name="user_submit" />
</form>
<?php
if(isset($_POST['user_submit']))
{
if(username_exists($_POST['driver'])){
$ulog = $_POST['driver'];
$_SESSION['user_id'] = $ulog;
echo $_SESSION['user_id']; //Session echos fine here
$tablename_cc = "cc_".$ulog;
$tablename_db = "db_".$ulog;
$tablename_misc = "misc_".$ulog;
$tablename_cash = "cash_".$ulog;
?>
<form id="expenses_update" method="post" action="<?php echo htmlentities($PHP_SELF); ?>">
<input type="submit" value="Approve" name="record_approve" />
<?php
}
}
?>
<?php
if(isset($_POST['record_approve']))
{
echo $_SESSION['user_id']; //Session does not echo here
$ulog = $_SESSION['user_id'];
$tablename_cc = "cc_".$ulog;
$tablename_db = "db_".$ulog;
$tablename_misc = "misc_".$ulog;
$tablename_cash = "cash_".$ulog;
}
//unset($_SESSION['user_id']);
//session_destroy();
?>
</body>
</html>
<!--/raw-->
EDIT: I have commented out the unset statement, and also tried putting them inside the if statement, with no change to the behavior of the code.
Everytime the code is run you are calling the unset($_SESSION['user_id']); this is because it is not within your IF statement, you have a curly brace in the wrong place.
<?php
if(isset($_POST['record_approve']))
{
echo $_SESSION['user_id']; //Session does not echo here
$ulog = $_SESSION['user_id'];
$tablename_cc = "cc_".$ulog;
$tablename_db = "db_".$ulog;
$tablename_misc = "misc_".$ulog;
$tablename_cash = "cash_".$ulog;
unset($_SESSION['user_id']);
session_destroy();
} //moved curly brace here
?>
EDIT: The code runs fine for me, I had to comment out the include line and the function used, the fault must be within the config.php. Do you have a session_start() at the top of that file and no unsets used ?
Here is a simple session script, are you having problems with this ?
If so then there is a problem with php.
<?php
session_start();
$_SESSION['testing'] = "boo";
echo "Session 1=" . $_SESSION['testing'];
?>
<form action="session1.php" method="post">
<input type="text" name="input"
<input type="submit" />
</form>
<pre>
<?php
if (isset($_POST['input']))
{
print_r ($_SESSION);
print_r ($_POST);
}
?>
It seems that neither I or anyone else here can find a logical solution as to what's happening. I've decided to simply remove the session variables and include a 'hidden' input field that just sends the variable through a POST variable. This seems to solve all my problems without having to worry about the behavior of the session variables.
You set the session value only when the first form is submitted (isset($_POST['user_submit'])). When the script is processing the second form submission (isset($_POST['record_approve'])), no session value is set. Hence no output.
You do realize that, even if the script is in one PHP file, it will be triggered by two mutually exclusive form submissions, right? So the session value will be available only after isset($_POST['user_submit']. So if you submit the second form after submitting the first one, you will have a session variable 'user_id', provided you have commented out the lines that unset and destroy the session.
Hope it makes sense.