VirusDoctor Posted December 19, 2007 Share Posted December 19, 2007 Hi guys, before I get completely shouted at here, i know that if one uses the $_GET method its going to show in the url, I just cant seem to find a way around using it for what I'm trying to do. I have a members.php page, in the page are two columns, options on the left and the content for the options on the right (when the relevant option is chosen). Now $_GET works perfectly for every other option as they are not sensitive data but for the pw change, I dont want the pw to show in the url when submitting. Here is my code, any suggestions or fixes welcome. <?php session_start(); if (isset($_SESSION[my_loginstatus])) { require_once("header.php"); require("std_config.php");?> <div class="nav"> <?= buildHeading ("Members Area"); ?> <table class="options" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td><?php echo ("<div class='notice'>Welcome</div><div class='error'>".$_SESSION['name']." ".$_SESSION['surname']."</div><div class='notice2'><hr> Account Balance: R0.00<hr></div>"); ?> </td> </tr> </table> </table> <br> <?= buildHeading ("Account Options"); ?> <table class="options" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td><a href="members.php?go=pwreset">Reset Password </a></td> </tr> <tr> <td>Change Email Address</td> </tr> <tr> <td>Change Address</td> </tr> <tr> <td>Pay Account</td> </tr> <tr> <td>Invoice History</td> </tr> </table> </table> <br> <?= buildHeading ("Auction Options"); ?> <table class="options" width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="25%" style="border-left: 1px solid #CCCCCC; border-right: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 4px;"><table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td title="All auctions you have won.">Auctions Won</td> </tr> <tr> <td title="All auctions you're currently winning.">Auctions You're Winning</td> </tr> <tr> <td title="All items you have sold.">Sold Items</td> </tr> <tr> <td title="Items currently on sale from you.">Items You're Selling</td> </tr> <tr> <td>Auction History</td> </tr> </table> </table> </div> <div class="content"><?= buildHeading ("Values"); ?> <form method="GET" action=""> <?php // If the user selected "reset password" from the left menu. if ($_GET['go'] == 'pwreset') { echo '<table align=center class="align"> <tr> <td> <br><br><br><br><br><br><br><br>Are you sure you want to reset your current password? <br><br> </td> </tr> <tr> <td><div style="center2"> <input class="buttons" name="pw_change" type="submit" id="yes" value="Yes"> <input class="buttons" name="option" type="submit" id="no" value="No"></div> </td> </tr> </table>'; }?></form> <form method="POST" action=""> <?php // If the user selected Yes, they want to reset their password. if ($_GET['pw_change']) { echo '<table align=center class="align"> <tr> <td> <br><br><br><br><br><div class=notice>Please enter your new password.</div> <br><br> </td> </tr> <table align=center class="regTable3" border="1"> <tr> <td class="bgcolor"> Current Password: </td> <td class="inputbox"> <input class="textinput" type = "password" name = "password" size="17"> </td> </tr> <tr> <td class="bgcolor"> New Password: </td> <td class="inputbox"> <input class="textinput" type = "password" name = "password" size="17"> </td> </tr> <tr> <td class="bgcolor"> Confirm Password: </td> <td class="inputbox"> <input class="textinput" type = "password" name = "confirm" size="17"> </td> </tr> </table> <br> <div class=align> <input class="buttons" name="submit" type="submit" id="login" value="Submit"> </div> </table>'; } ?></form> <?php // If the user entered a new password and clicked submit. if ($_GET['submit']) { $password = md5($_GET['password']); $password2 = ($_GET['password']); $username = $_SESSION['username']; $check = mysql_query("SELECT password FROM users WHERE password='$password' AND username='$username'") or die (mysql_error()); $row = mysql_fetch_assoc($check); // Check if a users current password is equal to their stored password. if ($row['password'] != $password) { echo "<br><br><br><br><br><br><div class=error>Your current password is incorrect.</div>"; } // Check if password and confirmation passwords match. else if (!$_GET['password']) { echo "<br><br><br><br><br><br><div class=error>Please enter a password before pressing Submit.</div>"; } else if ($_GET['password'] != ($_GET['confirm'])) { echo "<br><br><br><br><br><br><div class=error>Your password and confirmation passwords do not match.</div>"; } // If they do match, update the database, tell the user password has changed and log them out. else { $email = ($_SESSION['email']); $query = mysql_query("SELECT actkey FROM users WHERE email = '$email' LIMIT 1") or die(mysql_error()); $row2 = mysql_fetch_assoc($query); $act = $row2['actkey']; mysql_query("UPDATE users SET password='$password' WHERE username='$username'") or die (mysql_error()); mysql_query("UPDATE users SET activated='0' WHERE username='$username'") or die (mysql_error()); $send = mail($email , "Re-activate your account" , "You recently requested a password change which requires your account to be re-activated. \nYour new password is $password2 \n\nClick the link below to activate your account: \nhttp://www.bidders.co.za/activate.php?id=".$act." \n\nPlease do not reply, this is an automated mailer. \n\nThanks", "FROM: [email protected]"); echo "<br><br><br><br><br><br><div class=error>Your password has been changed and you will automatically be logged out. Please check your email address for instructions on how to re-activate your account</div>"; session_destroy(); echo '<meta http-equiv="refresh" content="3;url=logout.php" />'; } } ?></div> <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> <?php require("footer.php"); } else { header("Location: login.php"); } ;?> Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/ Share on other sites More sharing options...
revraz Posted December 19, 2007 Share Posted December 19, 2007 Not gonna sort through the code. But why are you using GET to change a PW? POST it instead. Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418921 Share on other sites More sharing options...
VirusDoctor Posted December 19, 2007 Author Share Posted December 19, 2007 Each time I try to POST it, the whole pw change html and code no longer works. The problem is that I have to use $_GET for the link on the left which is: <a href="members.php?go=pwreset">Reset Password </a> Otherwise I have no idea how to tell the code that should be on the right hand side to be triggered to show. The code that shows the pw change form is: <form method="GET" action=""> <?php // If the user selected "reset password" from the left menu. if ($_GET['go'] == 'pwreset') { echo '<table align=center class="align"> <tr> <td> <br><br><br><br><br><br><br><br>Are you sure you want to reset your current password? <br><br> </td> </tr> <tr> <td><div style="center2"> <input class="buttons" name="pw_change" type="submit" id="yes" value="Yes"> <input class="buttons" name="option" type="submit" id="no" value="No"></div> </td> </tr> </table>'; }?></form> Using $_POST does nothing. Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418931 Share on other sites More sharing options...
VirusDoctor Posted December 19, 2007 Author Share Posted December 19, 2007 Nobody have any ideas? Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418956 Share on other sites More sharing options...
emehrkay Posted December 19, 2007 Share Posted December 19, 2007 change the form action to post and change every "$_GET" in your processing page to "$_POST" Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418967 Share on other sites More sharing options...
VirusDoctor Posted December 19, 2007 Author Share Posted December 19, 2007 Hi, I tried that, but when thats done and you click on the link to show the pw change form, nothing happens. <a href="members.php?go=pwreset">Reset Password [/url] Keep in mind that the link above and the code to change the pw (form) aswell as a few other changes like email etc are also done in the same php file. Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418974 Share on other sites More sharing options...
CMC Posted December 19, 2007 Share Posted December 19, 2007 You can still use go=pwreset and a post variable. Just do something like: <?php $go = $_GET['go']; if(isset($go)){ if($go == "pwreset"){ show form echo "<form action=\"script.php\" method=\"post\">"; } } ?> Link to comment https://forums.phpfreaks.com/topic/82403-change-pw-code-password-shows-in-url-help/#findComment-418985 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.