php login form pass vars

Question

i have a page login in page have html form with textboxes and submit button and in top of page i have PHP code thet chacke if name and password in database if name and password in database page go to new page and pass the name and password to next page

i can do it with get metod like the vars in the URL but i want to pass and go to new page with Post metod how i can do it?? pleas help me with code....

in code html :

form name="frmlogin"action="<?= $_SERVER['PHP_SELF'] ?>" method="post" >

and in top of the page have PHP code:

$msg = ""; 
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $_POST["name"];
    $password = $_POST["password"];     if ($name == '' || $password == '') {
    $msg = "You must enter all fields";
    } else {
        $sql = "SELECT * FROM tbluser WHERE fldUsername = '$name' AND fldPass = '$password'";
        $query = mysql_query($sql);

        if ($query === false) {
            echo "Could not successfully run query ($sql) from DB: " . mysql_error();
            exit;
        }

        if (mysql_num_rows($query) > 0) {
            /*header('Location: YOUR_LOCATION');
            exit;*/     
            $msg = "Username and password  match";
            echo '<script type="text/javascript">
            window.location.href = "smartphon100.php?name='. $name .'&password='. $password .'";
        }
        if (mysql_num_rows($query) <= 0) {          
            $msg = "Username and password do not match";
        }
    }
}

help me to change the javascript window.location to post metod

Your code is vulnerable to SQL injections; you should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). — Gumbo, Dec 28 '14 at 10:44

score 1 · Answer 1 · answered Dec 28 '14 at 10:54

1

You can go for php redirect also.

header('location:smartphon100.php?name='. $name .'&password='. $password) ;

BTW: you are passing password in browser?

answered Dec 28 '14 at 10:54

Riad

3,698
5
26
38

That'll be using GET, not POST. – Radicate Dec 28 '14 at 11:02
i know that it use get how cani use with post pleas give me any code to redirect and post vars together – jr3d Dec 28 '14 at 11:09

score 0 · Answer 2 · edited May 23 '17 at 12:05

If I understand correctly, you're trying to redirect a user after successfully logging in.

I see that your current code attempts to redirect using Javascript, the issue seems to be with the quotes on the value you tried to enter.

Try to change this line:

window.location.href = "smartphon100.php?name='. $name .'&password='. $password .'";

to this:

window.location.href = "smartphon100.php?name='.$name.'&password='. $password";

Overall you should read about security as the code you presented is very vulnerable.

PHP: SQL Injection - Manual

If you're trying to pass the values to another page in a POST method using Javascript, you could take a look at this answer: JavaScript post request like a form submit

Although as I don't see a reason for posting the values more than once, I recommend you to read about PHP sessions, cookies, and encryption, which allow you to store values that you can use across the website securely.

A simple example to using session:

<?php
//Starts the session, you need to use this line in every PHP file that'll need to access session variables
session_start();
$_SESSION['user'] = "Donny"; //Storing a user name
?>

A simple example of session use with your code:

Foo.php

session_start();
$msg = ""; 
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $name = $_POST["name"];
    $password = $_POST["password"];     if ($name == '' || $password == '') {
    $msg = "You must enter all fields";
    } else {
        $sql = "SELECT * FROM tbluser WHERE fldUsername = '$name' AND fldPass = '$password'";
        $query = mysql_query($sql);

        if ($query === false) {
            echo "Could not successfully run query ($sql) from DB: " . mysql_error();
            exit;
        }

        if (mysql_num_rows($query) > 0) {
            $_SESSION['user'] = $name;
            $_SESSION['pass'] = $password;
            $msg = "Username and password  match";
            echo '<script type="text/javascript">window.location.href = "smartphon100.php";</script>';
        }
        if (mysql_num_rows($query) <= 0) {          
            $msg = "Username and password do not match";
        }
    }
}

Bar.php

<?php
session_start();
//Accessing the values:
echo $_SESSION['user'];
echo $_SESSION['pass'];
?>

NOTE: It's not good to store values like that as again, they're not secure, please read about hashing passwords. PHP: Password Hashing

thet what i have in code and i show it in url i whant thet the name and password will be send in post how i can change window.location to post sending vars?? — jr3d, Dec 28 '14 at 10:56
@jr3d Look at the end of the line, you have a single quote together with a double one. — Radicate, Dec 28 '14 at 10:58
@jr3d I provided you a link to an answer that shows a way to do so. although I wouldn't do it this way. I suggest you to begin with storing the values in a session and simply redirecting the user to the other page. — Radicate, Dec 28 '14 at 11:01
@jr3d I added a simple example for how to use sessions, hope it helps. — Radicate, Dec 28 '14 at 11:16

php login form pass vars

2 Answers2