Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Jul 2008
    Location
    Aberdeenshire
    Posts
    16
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Passing and receiving multiple data through URL!!

    Hi
    I am writing a password reset form. So far I have created a recovery.php which on entering a valid email address emails you a link which has a random code and a id code at the end of the url.

    Now I am creating the password reset form which allows you to change the password.

    So far I have got the form to display if the random code and id code matches the data in the database.

    I have also prevented direct access to the form, i.e. by someone typing www.yourwebsite/reset.php

    Now what I would like, if possible, when the form is sent I want to add data to the URL so it could display a password successfully reset message like www.yourwebsite/reset.php?message=success

    When processing the form it jumps to not allowed as I am not 100% sure how to retrieve the success message. It's probably something simple too!
    PHP Code:

    <?php     
    if(empty($_GET['code']) && empty($_GET['user']) ) //if page loaded directly 
    {
        echo(
    'Not Allowed');
    }
    else if (!empty(
    $_GET['message']))
    {
        
    $successmysql_real_escape_string($_GET['message']);
        if (
    $success='changed')
        {
            echo(
    'Your password has been changed successfully');
            }
    }
    else
    {
      
    //check random code and  user id code
           
    if code matches database 
          
    {
                  
    show the form
          
    }
    }

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    You should be using PHP SESSIONS to allow the user to move around
    your site without passing variables in the URL. A PHP SESSION is a cookie
    that is stored on your server (not the user's PC). It expires when they log out
    or close their browser. It's basically the same thing as this forum you're using
    now ... you log in, and it knows you're logged in no matter where you go.

    If they are correctly logged in, every page can check for the valid session variable (username),
    and you can do whatever you want based on that. You can give the users a place
    to change their password if they wish too.

    I guess I'm not sure how much PHP you know, and what you mean by database ...
    do you already have a MySQL database to use?
    Last edited by mlseim; 10-29-2009 at 01:40 PM.

  • #3
    New Coder
    Join Date
    Jul 2008
    Location
    Aberdeenshire
    Posts
    16
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks for your prompt reply. I will read into using PHP sessions as it does make sense.

    Thanks again.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •