POST form variables to another php file after validation

Question

<?php
//index.php
session_start(); 
if (isset($_SESSION['username'])) {
header('Location: Pro_Lesson.php');
}
if (isset($_POST['username'], $_POST['password'])){
    if(empty($_POST['username']) || empty( $_POST['password'])){
        echo "username or password are empty";
    }else {
header('Location: login.php');
    }
}
?>
<html>
<head>
</head>
<body>
<h3>User Login</h3>
<table border="0">
<form method="POST" action="index.php">
<tr><td>Username</td><td>:</td><td><input type="text" name="username" size="20"></td></tr>
<tr><td>Password</td><td>:</td><td><input type="password" name="password" size="20"></td></tr>
<tr><td>&nbsp;</td><td>&nbsp;</td><td><input type="submit" value="Login"></td></tr>
</form>
</table>
</body> 
</html>

how can I post the form data to another php page after success validation for username and password ? and is it secure ?

Answer 1

I'm not really sure what you are asking, but I'll take a stab.

You probably only care about the username (or a userid). What you should do is store that the user authenticated in a cookie (or session based cookie). Just storing the user's username (or user id) in a user editable cookie is a Very Bad Idea (tm). What you should do is have a table on the backend of session IDs which the cookie stores a randomized hash of the primary ID then you could use that to look up what information you stored about that user. Seems complicated, but it's really not. I can expand more on this if you would like.

You could do what felipsmartins suggests, but you shouldn't be storing the user's password anywhere.

Answer 2

You could do it:

$_SESSION['posted'] = $_POST;

In other php page:

print_r($_SESSION['posted']);