Click here to Skip to main content
16,020,162 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Alright so here is my ONLY problem. For some reason the URL does not carry over the "gets" but it DOES carry over the POST information. The main line that's a problem here is "http://www.mywebsite.com/resetpass.php?email=$email&hash=$hash&password=$password" when the website loads all you get is: http://www.mywebsite.com/resetpass.php?email=&hash=&password=PASSWORDWORKS

I'm also afraid of the security for this process but it is very complicated to do an under-laying system all on one php website

<form action="resetpass.php" id="form" method="post" name="form">
New Password: <input type="text" name="password"><br>
Confirm Password: <input type="text" name="confirm"><br>
<input type="submit" name="submit" value="Change Password">
</form>

<?php

//no way to hide pass in link for this part?
if(isset($_POST['submit']))
{
    $password = $_POST['password'];
    $confirm = $_POST['confirm'];
    if ($password == $confirm && !empty($password) && !empty($confirm))
    {
        $hash = $_GET['hash'];
        $email = $_GET['email'];
        //echo "<script>document.location.href=resetpass.php?email=".$email."&hash=".$hash."&password=".$password."</script>";
        header("Location: http://www.mywebsite.com/resetpass.php?email=$email&hash=$hash&password=$password");
        //header("Location: http://www.mywebsite.com/resetpass.php?email=".$email."&hash=".$hash."&password=".$password);
        exit;
    }
    else
    {
        echo('Passwords do not match!<br/>Go back and try again.');
    }
}
?>


What I have tried:

I just threw "get's" all over the place and commented out urls as alternative methods. to see if it would pick up the values at some point but for some reason it never carries no matter what i do. What's missing?
Posted
Updated 10-Oct-18 5:31am
v4

GET parameters go in the action url, POST parameters in the form's inputs

<form method="post" action="/somepage.php?get=parameters&are=here">
    <input type="text" name="postParameter" value="this value will be sent as POST">
    ... etc
</form>

OR

also you can store you value in session and can access it inside post method.

OR
you can create hidden input field and can embed you parameters here

<input name="hash" type="hidden" value="<?php echo htmlspecialchars($_GET['hash'], ENT_QUOTES); ?>"> 

<pre><input name="email" type="hidden" value="<?php echo htmlspecialchars($_GET['email'], ENT_QUOTES); ?>"> 
 
Share this answer
 
Comments
Member 14014830 10-Oct-18 12:41pm    
Genius?
summiya1 10-Oct-18 14:30pm    
:)
Check the contents of your hash on the send side. If it contains any URL "control" characters you'll have problems (I've aliased these when I had to, converting back after received). If, for example, it contains an &, that would cause problems (not what you see, but an example). Don't assume things are as you expect, for if they were, you'd not have posted this question!

But aside from that, you can use the duel-nature of $_REQUEST to read all posts and gets - just to check what you have. Something like print_r($_REQUEST) and get the full story for the server side.
 
Share this answer
 
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS


CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900