[petrinjak]

Good day all,

I am still virtually new to php. I have asked a couple of questions on this site but the answers went a bit over my head. I have another question and I am hoping for a simple solution that can be accomplished with a basic level of knowledge regarding php. Thanks in advance.

So here is the situation:

I am working on a site that will act as a "family gift regestry" - members of the family can log on and add to their christmas list. I am using a MySQL database to hold the information. There are two things that I am trying to acomplish that I believe can be done with a similar piece of basic code. First, there is a login screen (presented in a form). Currently, if a valid username and password is entered, the user is taken to a "Login Successful" page and asked to click a link to continue, which then directs the browser into the main site. I would like to bypass the 'success' page. In other words, if the user enters the correct information, I would like to head directly to the main page of the site. Is there any type of function or comand that, upon meeting the proper condition, will simply direct the browser to a particular URL?

The second thing I would like to accomplish will take place when a user is adding items to there 'wishlist'. I use a form with a submit button as the vehicle to add items to the database. When the submit button is clicked I could take the user to a "Your item has been added" page with a link to return but I would like a more elegant solution. Here is What I would prefer. When submit is clicked, the item is added to the database and the current page is reloaded.

Thanks again, and sorry for the length of this but I wanted to present as much detail as possible.

Kevin petrinjak

[FiRe]

For redirect use:

PHP Code:

<?

header ("Location: http://www.site.com");

?>

When you want it to go to the same page, just include the same page!

PHP Code:

<?



//code to add item to database



include ("page.php");

?>

[petrinjak]

Thanks for the response. I have a question regarding the redirect.

The link on the 'success' page currently has the below link:
<a href="registryMain.php?loginID=<?php echo $LoginID; ?>">Continue</a>

to get to the next page. As you can see a pass a value to the next page through the link (I don't have much of a handel on session variables yet).

In the header statement, how would I include the variable and its value?

[petrinjak]

As a matter of fact, with the include statement, I will have the same issue as mentioned above.

With the include statement, is there a way to pass a variable an its value as you do with a link.

[moronovich]

1.first thing.
you can set the php header

PHP Code:

  header('Location : /path/to/new/location/'); 

Anyway, don't forget to set cookies or session previously so that you can keep track a user has been logging on or not.
2.second thing
it's kind of self submitted form. you can set if-else condition in the page to determine code workflow based on condition given in superglobal post or get.

[petrinjak]

hehe...see this is kind of what I meant in the original post about things going over my head or at least beyond my abilities. I am not using cookies or sessions (don't know how to do that really). I am also not using anything global.

Currently, here is the way I am flowing the user's identity. From the login page or form, I use the username and password to pull 'userID' from MySQL. I place that value into a variable (i.e. $loginID). then, everytime a new page is called I pass that variable. For example:

On a for -
<form action="addItem.php?loginID=<?php echo $loginID;?>" method="post">

With a link -
<a href="registryMain.php?loginID=<?php echo $loginID;?>">Click here when done</a>

So I am looking for a method to achieve the same result in an include statement as well as a redirect.

Of course this is probably a much more difficult task than just learning to use sessions...but I don't really know for sure.

[FiRe]

I am still not 100% sure what you mean but to have the code on the same page as the login page you put this in the action of the form:

<? echo $PHP_SELF; ?>

[Wuiqed]

I'm not sure I understand what you want but I think that what you're trying ask is how you can pass along the userID in the form?

Well, have a hidden input with the value $_GET["loginID"] in the form

[petrinjak]

Quote:

Originally Posted by Wuiqed

I'm not sure I understand what you want but I think that what you're trying ask is how you can pass along the userID in the form?

Well, have a hidden input with the value $_GET["loginID"] in the form

I am sorry I am not properly explaining myself. I am successfully passing the variable by means of a form and by way of a link. What I am trying to do is use an include statement (which I know how to do) and get the varialble passed to the included page (which I do not know haw to do). keep in mind I am not using session variables in this page nor am I using cookies. The userID, which is used to identify the visitor, is passed from page to page by its predecessor.

[moronovich]

hello petrinjak,
for me, passing userID throught browser is bad for security reason.
when you, for example, create a URL like this

Quote:

http://www.yoursite.com/pagetwo?id=5

i can simply change /refresh the page by typing the URL (in the address bar of my browser) with:

Quote:

http://www.yoursite.com/pagetwo?id=7

and now... yeah.. i logged in as another user.

although you can also create a hash to identify current user:

PHP Code:

//pageone

$myHash = createHash(mySpecialRandomWord');

$myID = getIDFromDatabase();

$url  = 'http://www.mysite.com/pagetwo?id='.$myID.'&hash='.$myHash;



//pagetwo

$myUndecoded = decodeHash($_GET['hash']);

if($myUndecoded != $myRule) {

     print 'Unauthrized user';

     exit();

} 

it's still bad since you have to previously create unique key for each user and encode the info in a hash.

i'm +1 in using php session and/or cookie with hash. it will be much better in handling the security issue.

anyway, you're the decision maker. i'm here just a stranger..