$HTTP_POST_VARS problem [Archive]

ScytheBlade1

06-09-02, 20:56

I'm in need of knowledge of utilizing these commands. I'm stuck posting the new user's password as plain text in the URL, which simply can't do. What I need EXACTLY is something like this:

When the user clicks "submit", we'll say that form object "pass" is put into a $HTTP_POST_VARS or $_VARS and then sent. After that, the next page assigns that value to $usrpass, and then writes it to a file. Something like.......

(Code to post "pass" to HTTP_POST_VARS)
(Form submitted)
(Next page loads)
($HTTP_POST_VARS["pass"] (I think) = $pass)
(Data written to file)

I know that you can't assign $HTTP_POST_VARS["pass"] to $pass, but that's just for example.

Also, any information using the new $_VARS would be appeciated greatly.

Help would be greatly appreciated.

Thank you!

piet

06-12-02, 17:45

ScytheBlade1,

What about trying this:

1. The user fills out the form with the password ($pass)
2. In your script, first detect that the form was submitted.
a.) If the form has been submitted then do a redirect to the following page while passing the name=value in the URL. For example...

// Declare your variables
$submit = !empty($HTTP_POST_VARS['submit']) ? $HTTP_POST_VARS['submit'] : "";
$pass = !empty($HTTP_POST_VARS['pass']) ? $HTTP_POST_VARS['pass'] : "";

if ($submit && $pass)
{
// The form has been submitted and the form object "pass' exists
header ('location: next_page.html?pass=' .$pass);
}

b.) Else, show the form

Hope that helps.

Piet

ScytheBlade1

07-02-02, 19:09

Thank you very much. However, now, I have a dumb and simple question.

How would you detect if the form was submitted?

piet

07-03-02, 18:57

In general you should declare all of your POST, GET, and COOKIE VARS like this:

// Declare POST variables
$submit = !empty($HTTP_POST_VARS['submit']) ? $HTTP_POST_VARS['submit'] : "";
$password = !empty($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : "";

// Declare GET variables (just an example)
$id = !empty($HTTP_GET_VARS['id']) ? $HTTP_GET_VARS['id'] : "";

This should be done or else it leads to security leaks in your site.

To detect whether your form has been submitted, you would just check to see if one of your form variables was submitted.

For example, if you had a form where a person would give you a password and the form looked like this:

<table>
<tr>
<td>Password:<input type="password" name="password"></td>
<td><input type="submit" name="submit" value="submit"></td>
</tr>
</table>

To detect if this form was submitted you would do something like this:

if ($submit)
{
// The form has been submitted since the submit button has been
// detected. Process the form

}

If the password is a required field you could do something like this:

if($submit && $password)
{
// Both form variable, submit and password, have been detected
// so process the form

}

Hope that helps.

ScytheBlade1

07-10-02, 15:43

Much thanks. It helpd very much, Piet.

ednark

09-27-02, 00:57

you could use the same concept as above only wrap it in an easily useable function, which would be sure to worry if you have register_globals on or off...

this is no more effective than the solution provided above, but is a little more flexible than above, and requires a bit less typing on the top of each page.

to look for a variable in a posted form only you would say..

/// find username in post or set to empty string ''
$username = findVar('username','P','');

/**
* find a variable if it exists in specified location
*
* looks in specified places, in specified order, to find the. return a default if not found in specified places.
* $username = findVar('username','SP','guest');
* the above statement means: look for the varible named username in the Session, then the form POST, if not found in either place then set username to 'guest'
*
* @param $var_name - string, mandatory. The name of the variable to look for. ( for $var1 you send "var1" )
* @param $order - string, optional, default:'ECSPG', restriction: arbitrarily ordered subset of 'ECSPG'.
* The order of places to look for the variable. First Come First Serve.
* NOTE: this works in opposite order as the register_globals setting as defined in your php.ini
* 'ECSPG' = look first for variables set in the local scope, than as environmental varibles if found, return them
* look for varibale in the cookie, if found there return it
* look for variable in the session, if found there returnit
* look for variable in the form POST, if found there return it
* look for variable in the GET query, if found there return it
* if not found yet, return whatever $default is set to
* @param $default - mixed, optional, default:NULL. if not found anywhere with $order, set return this thing.
*
* @return mixed, the found variable or $default.
*/
function findVar( $var_name, $order="ECSPG", $default=NULL )
{

foreach ( range(0,(strlen($order)-1)) as $i ) {
switch ( strtoupper($order{$i}) ) {
case 'E':
if ( isset($GLOBALS) && isset($GLOBALS[$var_name]) ) {
return $GLOBALS[$var_name];
} else if ( $result = getenv($var_name) ) {
return $result;
}
break;

case 'C':
if ( isset($_COOKIE) && isset($_COOKIE[$var_name]) ) {
return $_COOKIE[$var_name];
} else if ( isset($HTTP_COOKIE_VARS) && isset($HTTP_COOKIE_VARS[$var_name]) ) {
return $HTTP_COOKIE_VARS[$var_name];
}
break;

case 'S':
if ( isset($_SESSION) && isset($_SESSION[$var_name]) ) {
return $_SESSION[$var_name];
} else if ( isset($HTTP_SESSION_VARS) && isset($HTTP_SESSION_VARS[$var_name]) ) {
return $HTTP_SESSION_VARS[$var_name];
}
break;

case 'P':
if ( isset($_POST) && isset($_POST[$var_name]) ) {
return $_POST[$var_name];
} else if ( isset($HTTP_POST_VARS) && isset($HTTP_POST_VARS[$var_name]) ) {
return $HTTP_POST_VARS[$var_name];
}
break;

case 'G':
if ( isset($_GET) && isset($_GET[$var_name]) ) {
return $_GET[$var_name];
} else if ( isset($HTTP_GET_VARS) && isset($HTTP_GET_VARS[$var_name]) ) {
return $HTTP_GET_VARS[$var_name];
}
break;

}
}

return $default;
}