Passing Variables from HTML to and through PHP

[Twey]

You're encountering the problems with keeping track of GET variables across pages I mentioned earlier. Use sessions instead.

[djr33]

Agreed. (how ironic, considering... heh.)

Yeah, GET is a one time, simple solution. If you need it to be stable and work for refreshing and such, do use sessions.

[Strangeplant]

Please reread my last post. $_GET solves it only for the page entry the first time. On 'submit', the page reloads to process the form data without the redirect part of the URL, so the $_GET acts again, this time with null.....so I need to change the page reloaded $_SERVER or $HTTP_SERVER_VARS to include in the URL with the redirect part that I need to proceed back to page 2. The question is how to do this......

[djr33]

Look up on php.net

Servers require session_start(); at the beginning of each page to keep them going. That's about it. session_close(); (I think.. not looking at an example this second) will end if it you want to. EVERY page visited, IN ORDER, EACH HAVE a session_start(); One missing link will break the chain and lose the data.

After that... $_SESSION['food'] = 'chicken'; echo $_SESSION['food'];

From page to page for the whole session, that will be available.

[Twey]

EVERY page visited, IN ORDER, EACH HAVE a session_start(); One missing link will break the chain and lose the data.

Only if cookies aren't being used, I believe. The PHP session mechanism uses cookies by default and only falls back to passing the SID by GET or POST if cookies aren't available.

[djr33]

Well, then it's a question of how long you can last without them being deleted... it's claimed to be closing the window or viewing another site, but that doesn't hold true.

In the end, it's worth just including it on every possible page you can (why not?) just in case they don't have cookies.

[Strangeplant]

Ok, ok, ok, I'm total perplexed by what's happening. Page1 points to page2. Page2 determines that the person is not logged on and sends a URL for the loginpage with a redirect attached to it and goes to page3. Fine. Page3 (the loginpage) starts with sessions and apparently retrieves the redirect portion from the url and puts it into a sessions variable. great. or does it?

Then an isset determines that the form value 'submit' is not set, so it then throws the html. The user inputs the form info and hits submit. Well, there is no more php script at this point.

What happens next to process the input? If the input data is correct for a valid user etc, the page directs to index.php and not to the desired page indicated by the url redirect. HOWEVER, if I use the back button after logging in, I'm sent to the right page! so sessions must still be there, and the session redirect variable is correct.

This is why I thought that page3 was reloaded, but the second time without the redirect in the url, but now that doesn't make sense either, so what happens after the submit button is pressed if there are no more lines of code in page3 - i guess it goes back to the top and executes line by line.....but this doesn't explain going to index.php instead of the redirect.

What's happening and how do I fix it?

The only thing that I can envision is that the get in page three does not work until the page is reloaded by the browser back button, and the initial throm from page3 to index.php is because the sessions variable is null because the get didn't get the first time around.....maybe?

Hummmmm....what now?

[Strangeplant]

Well, I've solved it a while ago, although I still don't know what $_SYSTEM variable controls the entry to the page3 the second or more times around. As far as I can tell, it ends up at index.php because it doesn't know where to go.....

What I did is this, and this is pretty much the basic stuff to complete this thread:

Inside page2 I changed the function redirect to add the info in the URL to be:

Code:

function _check_auth($cookie)
{
  $user = array();
  $r = array();
  $session = $cookie['SESSION'];
  $q = mysql_query(" SELECT user_id, user_name, user_level FROM sessions WHERE session = '".$session."' ")
    or die(mysql_error());
  if(mysql_num_rows($q) == 0)
    header('Location: login.php?redirect='.$_SERVER["PHP_SELF"]);
  else {
    $r = mysql_fetch_array($q);
    $user['user_id']    = $r['user_id'];
    $user['user_name']  = $r['user_name'];
    $user['user_level'] = $r['user_level'];
  }
  return $user;
}

And at the top of the page3 (login.php) where if GETs the redirect location:

Code:

session_start();
$var=basename($_GET["redirect"]);
if (strlen($var)>5) $_SESSION['uri']=$var;include_once("inc/auth.inc.php");
_already_logged($_COOKIE);
if(isset($_POST['submit']))
{
  blah;
  blah;
  blah;
}
  else
  {
	  if($_POST['iagree'] == 0) login_page($errmsg = "You must accept User Agreement to proceed");
	  else
	  _set_cookie($user_data,fm($_POST['rem']),session_id(),fm($_POST['user']));
  }
} 
else 
  login_page($errmsg = " ");

also,

Code:

function _set_cookie($user_data, $rem, $session, $username)
{
  if($rem == 1) setcookie('SESSION', $session, time() + 186400);
  else setcookie('SESSION', $session);
  $user_id = $user_data['user_id'];
  $user_name = $user_data['user_name'];
  $user_level = $user_data['user_level'];
  $C = mysql_query(" SELECT * FROM sessions WHERE user_id = '$user_id' AND user_name = '$username' ");
  if(mysql_num_rows($C) == 0)
    $Q = mysql_query(" INSERT INTO sessions (session, user_id, user_name, user_level) VALUES ('$session','$user_id','$username','$user_level') ");
  else
    $Q = mysql_query(" UPDATE sessions SET session = '$session' WHERE user_id = '$user_id' AND user_name = '$username' ");
  header('Location: '.$_SESSION['uri']);
}

and

Code:

function login_page($amsg)
{
  _begin_html();
  _page_top();
  _disclaimer();
  _error_msg($amsg);
  _login_box();
}

The user enters his input, then execution loads page3 again (index.php), the session variables are still there and things proceed correctly the second time around. All is OK, except that I still don't know what $_SYSTEM variable is used for the page reentry, but I guess I don't need to know this.

I want to thank you guys for your help and persistence with me, it's very much appreciated.

[fiNNished]

I am trying to get the same goal as strangeplant - but am having a tough time getting my cookies read and the redirect to work. I don't really want to track WHO they are, only want to make sure they accepted the terms of service before proceeding.

So I have a
generic term page with legal stuff

the user clicks "I agree"

which tosses them to another page that says "Thanks" But the real purpose is to plant a session cookie. (real simple - setcookie ($cookie) )
then they click a "proceed" button and that takes them to the section that needs the legal disclaimer.
The problem is - I can get to the section without the redirect - or thank you - I can get there without the cookie.
Ideas? I have deleted the browser cookies and am placing it before any HTML or text.
<?php
if (!isset($_SESSION['name']))
return true;
else {
return false;
}

if (!emptygo_to =="http://beta.xxx.xxxxxxx.cccccc.yyyy..php")
?>
and yeas, I do feel like a dork.

[fiNNished]

<?php
function _check_auth($_COOKIE)
{ if(isset($_POST['submit']));

elseif
($_GET["http://beta.xxxxxxxxxxxxxxxxx.php"]);

else
die ("You must accept the disclaimer terms before proceeding.");
}
?>

Thanks! I did check into that check_auth routine thanks to strangeplant!