How do I use $_GET to pick up content from a link that was sent to a user’s email?

Asked

Viewed 3,256 times

2

I sent this link to a user’s email:

http://www.example.com/redefinir_senha.php?token=4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE&uid=USER-ID

On the page reset.php password I know how to do the following:

$token= $_GET['token'];

The deal is that before using the "token" to do the password update with my dbupdate function i need to get the new form password that is on this page also through the POST method.

I have used GET before and within this IF below, but at the end the password is not changed in the database.

if ($_SERVER["REQUEST_METHOD"] == "POST"){ 

$token = $_GET['token']; // Já coloquei aqui e fora, já tentei usar sessão 
                         // ao invés    de simples variável e nada...

if (isset($_POST['senha'])){$senha = DBEscape($_POST['senha']);

$ativar = array('senha' => $senha);

$atualiza = DBUpdate('myway', $ativar, "token = '$token'");
if ($atualiza==true){
echo "Senha redefinida com sucesso!";
}
} else {
echo "Ocorreu um erro, entre em contato conosco!<br>";
}         
  }

No problem with the update function as I am using it on another page and works normally.

If within my Update function me just switch "token = '$token'" for "email = '[email protected]'" everything works...

php get

  • Is the token not coming with the correct password change? How is action form? If you are not using the submit of the form, adding the token in AJAX?

  • action="<? php echo htmlspecialchars($_SERVER["PHP_SELF"]);? >" This action I need to post the password on the same page. The token comes from the link the user clicks in the email.

  • To Query String appears in the action? Based on the question: http://stackoverflow.com/questions/20127113/php-serverphp-self-to-include-query-string, the PHP_SELF does not return to Query String, try to use the REQUEST_URI as recommended.

  • I looked there but do not know how to apply. Use request instead of post?

  • No no no, just change the $_SERVER['PHP_SELF'] for $_SERVER['REQUEST_URI'] in the action form. So do not lose the Query String that contains the token.

  • Man, it worked. Thank you! How it works?

  • I’ll create an answer and explain ok?

  • Thanks! Tav'squeezing my mind that...

Show 3 more comments

1 answer

4


As mentioned in the comments, on your password reset page there is a form with the URL of your script:

//Não sou expert em PHP, mas vou supor que está escrevendo a
//variável $_SERVER['PHP_SELF'] no action do form

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" ...>
    // Demais campos do seu formulário
</form>

What should be render as:

<form action="redefinir_senha.php" ...>
    // Demais campos do seu formulário
</form>

In this case, there was the loss of Query String, necessary to provide the parameters your script needs. In your script you have:

$token = $_GET['token'];

This parameter GET will not exist the way this.

The first alternative is to change the URL who is in the action of the form, using the $_SERVER['REQUEST_URI'] instead of the $_SERVER['PHP_SELF'].

Of documentation:

The $_SERVER['PHP_SELF'] returns the file name of the script you are running, relative to the document root. Not including the Query String.

The $_SERVER['REQUEST_URI'], returns to URL provided to access the current page, including the Query String

With the change your form should stay:

<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" ...>
    // Demais campos do seu formulário
</form>

That will render itself as:

<form action="redefinir_senha.php?token=4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE&uid=180488099954031df1897ac1.93258484" ...>
    // Demais campos do seu formulário
</form>

When submitting the form, the parameter $_GET['token'] will be filled.

Alternative which I suggest is to include the parameters you need the URL and include as input Hidden in the form, and there need not change the action.

Just write your form as:

// Podendo manter o $_SERVER['PHP_SELF']
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" ...>
    // Demais campos do seu formulário
    <input type="hidden" name="token" value="<?php echo $_GET['token']; ?>" />
    <input type="hidden" name="uid" value="<?php echo $_GET['uid']; ?>" />
</form>

Which will be rendered as:

<form action="redefinir_senha.php" ...>
    // Demais campos do seu formulário
    <input type="hidden" name="token" value="4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE" />
    <input type="hidden" name="uid" value="180488099954031df1897ac1.93258484" />
</form>

To recover the values:

$token = $_POST['token'];
$uid = $_POST['uid'];

The two alternatives work, just choose the one you think best.

  • Got it man! Perfect! I was losing the same token... If I use the "hiddens" that I need will be sent the same way, then rescue them with the $_POST the same way I do with the password! So I can leave the PHP_SELF... (y) VERY SATISFIED! Now I know the "REQUEST_URI"! Thanks!

Browser other questions tagged php get

You are not signed in. Login or sign up in order to post.