gotta be an easier way

[trevor]

than doing 'main.php?username=$username&password=$password'

Do I have to enter that into all of my navigation links?

[sde]

that is what sessions are for .. it's really hard to read what i'm trying to tell you with all of illya's and vlads comments on your post, .. but look at the session stuff that i put in there.

sessions are what carry over variables automatically between pages. if you register "username" and "password" on every page from when the user logs in, .. you won't have to pass anything through the url.

after around 10 minutes of googling I found it on php.net. Do
blah=$_POST['username'];
And you will get username! Now change the form from method=get to original method=post


EDIT: This is the URL if you want it http://www.php.net/manual/en/reserved.variables.php

[sde]

i thought it worked when he submited the form .. and the problem was with passing the user/pass for everything inside the protected area.

if the original submission works, then he does not need the $_POST[] .. he needs to use sessions so the username and password variable stay valid for the entire time the user is on the site.

Quote:

Originally posted by sde
i thought it worked when he submited the form .. and the problem was with passing the user/pass for everything inside the protected area.

if the original submission works, then he does not need the $_POST[] .. he needs to use sessions so the username and password variable stay valid for the entire time the user is on the site.

Oh, sorry, I thought he was talking about when he submitted the form and using the get method in the form, but still, atleast now he knows about $_POST But it worked when he submitted the form but he was using Get and as you said it's not secure... so now he can use this and not have to worry about that one....

[sde]

from how i understood it, .. the problem was when he was trying to use the $Array[username] . i tried thie myself and could not get it to work.

in most php installations, you don' tneed to use $_POST[] ,although it could be good practice and it is more secure if you dont want people to be able to enter variables in the url.

user/pass like i said isn't that critical to be in the url for the site, as it is more of a security risk on the clients end when someone is looking over their shoulders.

[trevor]

I still cant qite figure it out:

here is my code for main.php

PHP Code:

<?
include("connect.php");
session_start();
session_register("username");
session_register("password");

$password=$_GET['password'];
$username=$_GET['username'];

$result=mysql_query("select * from users where username='$username' and password='$password'");

$num=mysql_num_rows($result);

if($num < 1){
  header("location: failed2.php");
}

?>

Now that part works fine. Just when I load the page profile.php which right now just simply lists username, email etc, i get the failed2.php.

my code for that part is:

PHP Code:

<?
include("connect.php");
session_start();

$result=mysql_query("select * from users where username='$username' and password='$password'");

$num=mysql_num_rows($result);

if($num < 1){
  header("location: failed2.php");
}
?>

so the username and password should be registered so I can open them from any page right? what am I forgeting?

thanks,

Trevor

Quote:

Originally posted by sde
from how i understood it, .. the problem was when he was trying to use the $Array[username] . i tried thie myself and could not get it to work.
Yes that was the problem.

in most php installations, you don' tneed to use $_POST[] ,although it could be good practice and it is more secure if you dont want people to be able to enter variables in the url.

Actually that guide I gave you on installing Apache with PHP in the Linux forum, when I did it I have to use Post and it is the latest one out... (although it is Apache 1.3.27). But true it is more secure too.

user/pass like i said isn't that critical to be in the url for the site, as it is more of a security risk on the clients end when someone is looking over their shoulders.

And when you look back in the history as well, you can see lets say his sites name is lll.asd

well if you type in lll.asd you could see the old history, things like lll.asd/blah.php?asd=asd&lll=ddd

[trevor]

is anyone here?

[technobard]

Trevor,

Try executing session_start() first on both pages (before the include). I remember reading somewhere that it has to be first on subsequent pages to work properly. I've never tried it, personally, but it's easy enough to try.

[trevor]

nope, still not working,

thanks though

do I have to do:

PHP Code:

session_register("username");
session_register("password"); 


on every page?

[technobard]

Quote:

Originally posted by trevor
nope, still not working,

thanks though

do I have to do:

PHP Code:

session_register("username");
session_register("password"); 


on every page?

No. Just for giggles, try registering after setting the variables for the first time.

$password=$_GET['password'];
$username=$_GET['username'];
session_register("username");
session_register("password");

Also, session_register is supposed to return a boolean. I'd check that in an if to make sure it is working. If register_globals is off, session_register won't work according to info at php.net. The way your first example is written, it will still work even if session_register fails.

[sde]

why are we using $_GET[] ???

also, i think you should have "session_start(); " at the top of each page before you register anything in the session.

[trevor]

well I know it is registering the variable fine because I went to /tmp/sess_o4f1fc707...... and there was my username and password

now why aren't my other sites getting these variables.

sde, can you explain the idea of not having the $_GET please?

thanks all,

Trevor