Suchy Posted May 25, 2007 Share Posted May 25, 2007 I have a simple password form: <?php $password = "test"; if( ! $_GET['Submitp'] == "Enter" && ! $_GET['pass'] == $password ) { ?> Please Log in. <form action="<?php $_SERVER['PHP_SELF']?>"> Password :<br /> <input type="password" id="pass" name="pass" size="35" /> <input type="submit" name="Submitp" value="Enter" /> </form> <?php } else if ( ! $_GET['pass'] == $password) { ?> Error ! - Wrong Password <br> <a href="admin.php">Try again.</a> <br> <?php } else { ?> .......... <?php } ?> The problem with this is that after I enter the corect password, you can see it in the url address bar. looks something like: .../admin.php?pass=test&Submitp=Enter How can I modify this code, so that that password does not show up? Link to comment https://forums.phpfreaks.com/topic/52909-user-authentication-form/ Share on other sites More sharing options...
trq Posted May 25, 2007 Share Posted May 25, 2007 Change this... <form action="<?php $_SERVER['PHP_SELF']?>"> to.... <form action="<?php $_SERVER['PHP_SELF']?>" method="post"> then change all occurrences of $_GET to $_POST. Link to comment https://forums.phpfreaks.com/topic/52909-user-authentication-form/#findComment-261301 Share on other sites More sharing options...
Glyde Posted May 25, 2007 Share Posted May 25, 2007 Add method="post" to your <form> tag. Then, you'll have to change all instances of $_GET to $_POST in your PHP script. Basically, there are two ways of transferring data to a server. There's the GET method, and the POST method. The GET method should really be used for exactly what you'd suspect...GETting data. Using GET to send information to the server (provided it's not something like deleting a record from a DB) is stupid. If you're going to send data to the server that the server should interpret and do things with, it should be posted. This will prevent the data from being shown in the URL, as the data is not part of the URL. It is part of the request body that is sent to the server. Link to comment https://forums.phpfreaks.com/topic/52909-user-authentication-form/#findComment-261302 Share on other sites More sharing options...
Suchy Posted May 25, 2007 Author Share Posted May 25, 2007 Thanks that works. One more question: Is storing passwords in the php file safe and a good idea? It is just one password for me and that is why I did not feel like storing it in mysql. Link to comment https://forums.phpfreaks.com/topic/52909-user-authentication-form/#findComment-261316 Share on other sites More sharing options...
Suchy Posted May 25, 2007 Author Share Posted May 25, 2007 Actualy another problem poped up. Since I changed the GET to POST, after I enter the password few dropdownmenues show up. But when I select something and hit submit, page jumps to the original state where I have to enter the password again. How can I fix this problem ? Link to comment https://forums.phpfreaks.com/topic/52909-user-authentication-form/#findComment-261337 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.