Matthew

Reputation: 3946

PHP session variables and GET request

Good Day,

I am creating a webpage where users log in, called "index.html", which POSTs data to the "home.php" site when the user submits the form from "index.html". Now that I am inside "home.php", I can retrieve the posted variables, check them against the database and authenticate the user. Once I am in the "home.php" file, I would like the user to issue a GET request to the "home.php" site to display different data. Is there a way to do that and maintain the authentication?

Right now I am getting a notice saying that the POST variables are undefined. (Obviously, since I am not posting anything)

Notice: Undefined index: pass in C:\xampp\htdocs\home.php on line 7

Thanks, Matt

Upvotes: 0

Views: 3750

Answers (4)

Shawn Lehner

Reputation: 1323

Once you perform your initial authentication check, which would be the form submission and account verification, you should assign the user some form of session token. This is a token that you can verify is authentic that you use for a short-hand verification for subsequent requests. You can create this token a few ways:

  1. Create a simple table to keep track of authorized session tokens and their expiration date. This ensures that only sessions you create are allowed, tied to a single account, and have a guaranteed expiration date.
  2. Create an encrypted token format so the session token is actually an encrypted data container which you can only read on the server side with a private, rotating key. The token would contain information about the user and expiration and eliminate the need for a server side table.

In addition to the basic information for each token it would also be good to include references to the UserAgent and IPAddress of the initial authentication request so you can ensure there is no session hijacking taking place.

Once you create your token you will want to store it in a cross-request location, which can be either a session or cookie variable. This is primarily a preference, but either way, you should ensure it is only accessible from an HTTP request and not a JS request to prevent XSS (cross site scripting). Check out these articles on sessions and cookies:

Now that you have a token you can use from anywhere in your site you will want to make an authentication handler for each of your pages to check this token and verify it is valid. Once you confirm it is authentic you can use it to figure out which user is viewing the page and what permissions they should have.

Upvotes: 2
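An added example (not code from this thread) of the session approach in the answer above, applied to the asker's "home.php": the POST from "index.html" logs the user in, and later GET requests are authenticated from the session alone. The `user` form field, the `view` GET parameter, the in-memory user store, the 15-minute timeout and binding to the User-Agent only are assumptions made for illustration.

```php
<?php
// home.php sketch: login arrives as POST, later GETs rely on the session.
const SESSION_TTL = 900; // assumed idle timeout, in seconds

// Constructed stand-in for the database lookup (hypothetical helper).
function find_password_hash(string $user): ?string {
    static $users = null;
    $users ??= ['matt' => password_hash('example-password', PASSWORD_DEFAULT)];
    return $users[$user] ?? null;
}

// Session cookie is hidden from JavaScript and withheld on cross-site POSTs.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']),
]);
session_start();

// Fingerprint of the client, stored at login and compared on each request.
$agent = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['user'] ?? '';   // ?? avoids the "Undefined index" notice
    $pass = $_POST['pass'] ?? '';
    $hash = find_password_hash($user);
    if ($hash !== null && password_verify($pass, $hash)) {
        session_regenerate_id(true);   // fresh ID after login blocks fixation
        $_SESSION = ['user' => $user, 'agent' => $agent, 'seen' => time()];
    }
}

// Authentication handler: runs on every request, POST or GET.
$valid = isset($_SESSION['user'], $_SESSION['agent'], $_SESSION['seen'])
    && hash_equals($_SESSION['agent'], $agent)
    && time() - $_SESSION['seen'] <= SESSION_TTL;

if (!$valid) {
    $_SESSION = [];
    session_destroy();
    header('Location: index.html');
    exit;
}
$_SESSION['seen'] = time();   // sliding expiry

$view = $_GET['view'] ?? 'summary';   // hypothetical GET parameter
echo 'Hello ' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8')
   . ', showing ' . htmlspecialchars($view, ENT_QUOTES, 'UTF-8');
```

The array form of `session_set_cookie_params` needs PHP 7.3 or later, and `??=` needs PHP 7.4.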

caRameL

Reputation: 633

You can, for example, do this:

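// urlencode() keeps the value from breaking out of the query string or the attribute
echo "<form method='post' action='home.php?parameter1=" . urlencode($variable1) . "'>";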

Then you have both POST and GET variables.

Edit: But I think I misunderstood you; use SESSION variables to persist the authentication across pages.

Upvotes: 1

Nathanael

Reputation: 7173

It sounds like you want to use sessions.


See: http://www.w3schools.com/php/php_sessions.asp

See: http://www.tizag.com/phpT/phpsessions.php

Upvotes: 2

Kris

Reputation: 6122

Do this

$pass = isset($_POST['pass']) ? $_POST['pass'] : null;

Upvotes: 1
