crmamx Posted February 9, 2011 Share Posted February 9, 2011 How do I retain a password as a user navigates from page to page without having to ask him for it again. I do not need it to protect the page, I need it to execute whatever selection he makes. enter_psw.html // this is a form verify_psw.php // I have the password here menu1.html // I don't have the password here and need it display_records add_record.php change_record.php delete_record_php Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/ Share on other sites More sharing options...
zenlord Posted February 9, 2011 Share Posted February 9, 2011 You *never* retain a password - that is a huge security flaw. You can check if a user has provided you with a valid combination of username and password and then set a variable (f.e. $loggedIn) to 1. That variable can be set in a session or cookie, so you can check on every page if $_SESSION['loggedIN'] or $_COOKIE['loggedIn'] is set to 1. Of course, to be secure, you need to read up a lot on this stuff... Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/#findComment-1171777 Share on other sites More sharing options...
PFMaBiSmAd Posted February 9, 2011 Share Posted February 9, 2011 or cookie You would never use a cookie with a simple value in it to indicate someone is logged in because anyone could set that cookie themselves and become logged into a site. You can use a cookie to identify someone (using a unique and hard to guess value), but you must only use a value stored on the server to indicate if they are logged in. Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/#findComment-1171778 Share on other sites More sharing options...
crmamx Posted February 9, 2011 Author Share Posted February 9, 2011 You *never* retain a password - that is a huge security flaw. I don't understand this. I am capturing the user input (maybe password is the wrong nomenclature) from the form in the php program using Post. Then I link to my file: (and select only one record). ID Number........ect. 1 804333 2 398434 3 804333 4 354778 If the search=0, then either the password is invalid or that user does not have any records in the file. It prints an error message. If the search=1, it will print a link to the menu program. In either case, neither the form or the php program returns the "password" to the browser. So what is it I don't know? Secondly: If the search=1, then the user will link to the next program (html) which will present 4 options. display add change delete When he selects the option it will link to a php program. And here is where I need the number he entered in the form when he started. Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/#findComment-1171821 Share on other sites More sharing options...
BlueSkyIS Posted February 9, 2011 Share Posted February 9, 2011 retain info from page to page: sessions. Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/#findComment-1171868 Share on other sites More sharing options...
crmamx Posted February 9, 2011 Author Share Posted February 9, 2011 Many thanks. Short and right on the money. I had searched the tutorials and could not find the answer. Link to comment https://forums.phpfreaks.com/topic/227160-how-do-i-retain-a-password-in-programs/#findComment-1171873 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.