How to receive a variable within the php URL

Asked

Viewed 622 times

1

I’ve had a problem for two days that I can’t decipher. I need the login and password variable passed in my system login form, to reach the url that receives the user and password parameter. This way it will enter according to the login and password passed in the login. This is the code that receives the data from the database:

    session_start();  // Inicia a session

include "./conexao.php";

$login = $_POST['login'];
$senha = $_POST['senha'];

if ((!$login) || (!$senha)){
    echo"<script language='javascript' type='text/javascript'>alert('Por favor, todos campos devem ser preenchidos!');window.location.href='login.php';</script>";
}else{

    $sql = pg_query("...");
$login_check = pg_num_rows($sql);
    if ($login_check<=0){
        echo"<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='login.php';</script>";
        die();
    }else{
        @session_start();
        $_SESSION['login'] = $login;
        $_SESSION['senha'] = $senha;
        $arr = pg_fetch_array($sql);
        $_SESSION['nome'] = $arr['usr_nome'];
        //setcookie("login",$login);
        header("Location:index.php");
    }
}

Then I need to send the data to this link here:

<div class="thumbnail">
    <img src="../05fev/imagens/unnamed.png" alt="Imagem responsiva" class="img-rounded"/>
    <div id="main" class="caption">
        <Iframe
            src = "http://desenv.../webrun/logon.do?sys=SER&user=(aqui recebe o login)&password=(aqui recebe a senha)">
        </iframe>
    </div>
</div>

Someone can help me ??

php html database variables
  • 1

    Sending user and password through the URL is a unsafe practice, would make a request with POST.

  • true, but how would that be ? given that it is an external url attached to the system ?

  • Your html and php are in the same file?

  • are in the same place

  • @Brunohenriquegaignouxgomes If you need a tutorial, here’s a good example: http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

1 answer

1


I am not going to answer the question itself, because the general concept is very wrong and unsafe. Breaking your entire login system is frighteningly easy because you’ve made some very amateur mistakes. I’m just gonna ponder some things that might help you improve that:

  • NEVER TRUST THE USER! The basic rule is - Filter ALL inputs and escape all outputs. When you make a simple $login = $_POST['login']; allows me to realize a Injection of SQL and compromise the entire system. Read about the function filter_input, She’ll help you solve it.
  • Do not use @ to suppress errors, this slows down the code, as well as being ugly and bad practice.
  • PDO is your friend, abuse him.
  • I don’t understand why two session_start();

In short, be careful with this idea of yours, don’t put it into production. There are thousands of tutorials on login with PHP, search for references before you start coding, see ready-made codes helps you think of yours.

  • Okay buddy, thank you

  • Tip: If you no longer change the SESSION add session_close() , this way if the user opens two pages (which have Session) will wait less time. The reason is simple: only one can read and write in the file, so if two pages are being opened/loaded only one would be loaded at the end of the previous process. Adding the session_close() , the second page can be loaded when this function is called.

Browser other questions tagged php html database variables

You are not signed in. Login or sign up in order to post.