View Full Version : Passing and receiving multiple data through URL!!

10-29-2009, 01:59 PM
I am writing a password reset form. So far I have created a recovery.php which on entering a valid email address emails you a link which has a random code and a id code at the end of the url.

Now I am creating the password reset form which allows you to change the password.

So far I have got the form to display if the random code and id code matches the data in the database.

I have also prevented direct access to the form, i.e. by someone typing www.yourwebsite/reset.php

Now what I would like, if possible, when the form is sent I want to add data to the URL so it could display a password successfully reset message like www.yourwebsite/reset.php?message=success

When processing the form it jumps to not allowed as I am not 100% sure how to retrieve the success message. It's probably something simple too!

if(empty($_GET['code']) && empty($_GET['user']) ) //if page loaded directly
echo('Not Allowed');
else if (!empty($_GET['message']))
$success= mysql_real_escape_string($_GET['message']);
if ($success='changed')
echo('Your password has been changed successfully');
//check random code and user id code
if code matches database
show the form

10-29-2009, 02:37 PM
You should be using PHP SESSIONS to allow the user to move around
your site without passing variables in the URL. A PHP SESSION is a cookie
that is stored on your server (not the user's PC). It expires when they log out
or close their browser. It's basically the same thing as this forum you're using
now ... you log in, and it knows you're logged in no matter where you go.

If they are correctly logged in, every page can check for the valid session variable (username),
and you can do whatever you want based on that. You can give the users a place
to change their password if they wish too.

I guess I'm not sure how much PHP you know, and what you mean by database ...
do you already have a MySQL database to use?

10-29-2009, 03:32 PM
Thanks for your prompt reply. I will read into using PHP sessions as it does make sense.

Thanks again.