Member Avatar for masterjiraya

File name:index.php

<html>
<head>
<script type="text/javascript">
function showUser(str, query)
{
if(document.getElementById("Author").checked==true)
{
    query="author";
}else if(document.getElementById("bookname").checked==true)
{
    query="bookname";
}else{
    document.getElementById("textHint")="please select";
}

if (str=="")
  {
  document.getElementById("txtHint").innerHTML="";
  return;
  }
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("txtHint").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET","postback.php?q="+str+"&query_type="+query,true);
xmlhttp.send();
}
</script><title>
    Search Books
</title>
</head>
<body>
<form method ="get" >
    <div style="background-color:Orange">
<h3>Welcome<?php echo $_GET['username'].", ";
?> Want to search a book?</h3>
Search:<input type="text" name="users" onKeyUp="showUser(this.value)"/><br/>
Search By<br/>
Author<input type="radio" name="query_type" id="Author" onClick="showUser()" checked="checked" style="color: Black"/>or by<input type="radio" name="query_type" id="bookname" onClick="showUser()"/>book name
    </div>
    </form>
<br />
<div id="txtHint"><b>Person info will be listed here.</b></div>

</body>
</html>

file name: validation.php

<!DOCTYPE html>
<html lang="en">
    
    <?php 
    $username=$_POST['uname'];
    $password=$_POST['pass'];
     $conn=mysql_connect('localhost','root','naruto')or die('Error: cannot connect to the MySQL due to this error.<br/>'.mysql_error()); 
     $select_db=mysql_select_db('clc_customer_info')or die('Error: cannot connect to the MySQL due to this error.<br/>'.mysql_error());
     $search="select * from `clc_customer_profile` where `Password` = '$password' and `User_Name`='$username'";
     $querySQL=mysql_query($search)or die('Error: cannot connect to the MySQL due to this error.<br/>'.mysql_error());
     if (mysql_fetch_array($querySQL)>0)
     //validate the log-in
      {?>
    
       <head>
        <meta http-equiv="Refresh" content="5;url=http://localhost:6824/index.php" />
       
    </head>
    <body><form action="index.php" method="get"><input type="hidden" name="username" value="<?php $_POST['uname'] ?>"/>
        </form>
    <div>
    <?php   echo"proceed to next page in 5 secs<br/>";
      }
     else
      {
       echo"input invalid<br/> signing up again in 5 seconds";
      ?>
     <head>
        <meta http-equiv="Refresh" content="5;url=http://localhost:6824/log-in.html" />
    </head>
    <body>
    <div>
    <?php  }
    ?>   
    </div>  
    </body>
</html>

file name:log-in.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
</head>

<body><form id="form1" name="form1" method="post" action="validation.php"><center>
  <table width="200" border="1" cellspacing="2" cellpadding="2" bordercolor="#000000" >
  <caption>
    <table border="0" cellpadding="0"><tr><td bgcolor="#33FF00">register here</td></tr></table>
  </caption>
  <tr>
    <th scope="col"  bgcolor="#FFFF00">Username</th>
    <th scope="col"><span id="sprytextfield1">
    <label>
    <input type="text" name="uname" id="uname" />
    </label>
    <span class="textfieldRequiredMsg">A username is required.</span><span class="textfieldInvalidFormatMsg">Invalid format.</span></span></th>
  </tr>
  <tr>
    <th scope="row" bgcolor="#0099FF">Password</th>
    <td><span id="sprytextfield2">
      <label>
      <input type="password" name="pass" id="pass" />
      </label>
      <span class="textfieldRequiredMsg">A password is required.</span></span></td>
  </tr>
  <tr>
    <th colspan="3" scope="row"><label>
      <input type="submit" name="submitt" id="submitt" value="Submit" />
      <input type="reset" name="clear" id="clear" value="Clear" />
    </label></th>
    </tr>
</table></center>
</form>
<script type="text/javascript">
<!--
var sprytextfield1 = new Spry.Widget.ValidationTextField("sprytextefield1", "custom");
var sprytextfield2 = new Spry.Widget.ValidationTextField("sprytextfield2");
//-->
</script>
</body>
</html>

the problem agenda:
from log-in.html the user will log his/her username and password from there the username textbox will be copied to the <input type="hidden" name="username" value="<?php $_POST ?>". Now I want to GET the value of hidden tag and reveal it in index.php

but the problem is I cannot have connections betwween post and get method... because index.php will search items from the database of books. So this will be get method. on the contrary you cannot get the value of the log-in page because we all know that if we use get for log-in, then we will be prone to hacking. Now what should I do to get the hidden tag's value.

  • 4 Contributors
  • 5 Replies
  • 6K Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by karthik_ppts
Member Avatar for sDJh

Hi masterjiraya,

never ever send user-credentials via hidden textboxes. Use cookies or even better the inbuilt Session-Management from PHP. Have a look here: http://www.php.net/manual/en/book.session.php. Don't be afraid of the massive text, it's actually very simple (Basic Examples).

Hope that helps, Simon

Member Avatar for ddymacek

If you really really just want to do it from the 'validate' form to index. you can change the action in your form tag.
I believe that your hidden input needs to be the very first thing under your form tag as well

<form action="index.php?username=" method="get">
<input type="hidden" name="username" value="<?php echo $username ?>"/>
/* you are already setting $username at the top of the script, so why not use this variable instead of the $_POST[uname] var you are using in the hidden tag.
The value of your hidden tag will be the first thing that comes across in your post to index.php
*/
Member Avatar for masterjiraya

some how, what I wan to do with my logic on hiiden tag is acting like shwing the user's profile like on facebook or like here in daniweb.com where in wherever or what ever link or page you clicked... the name "Logged in as: XxxXXX" here in daniweb.com shows on the top... again what ever page in daniweb is... the name of the user is still there.

Member Avatar for ddymacek

looking over your code at a quick glance... you are only thinking about how to handle an object like a user at that very moment. your code is elegant, don't get me wrong, but there is a bigger picture, use objects/classes to handle all the data and queries and use minimal php calls on your page. the page is for display of data, it can still call that data but move your code to a class and make calls from your page which will expect data in a specific order or arrangement usually an array of the object. anyway, it seems as though you are having a user 'login' but you don't know how to handle them switching pages. look into $_SESSION and or cookies to pass data between pages while your user is logged in.

Member Avatar for karthik_ppts

Session concept is the best way for your need.

----
----
if (mysql_fetch_array($querySQL)>0)
//validate the log-in
{
     session_start();
     $_SESSION["user"]=$username;
?>
 
<head>
<meta http-equiv="Refresh" content="5;url=http://localhost:6824/index.php" />
-----
-----

Now you can use $_SESSION["user"] as user name in all pages by starting the session using session_start().

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.