I am trying to store $_GET in variables and re-use them in a POST request, but the problem is that as soon as a POST request is sent the URL becomes empty and there is nothing to store in variables or the data stored in variables is removed as there is nothing in the URL
success.php?email=16564017@gmail.com&token=M3XK5HeCZy Current URL
after a POST request is sent the URL is success.php leaving nothing to store,
I’m trying to update passwords of users on basis of this method
I’ve tried this with $_SESSION, but cannot figure it out, My current work
if(!$_GET['email'] && !$_GET['token']) {
header("Location: register.php");
}
else {
$arrayCookie = array('email' => $_GET['email'] , 'token' => $_GET['token']);
$json = json_encode($arrayCookie);
setcookie('data',$json,time()+(8400));
$cookie = $_COOKIE['data'];
$cookie = stripslashes($cookie);
$cookieSavedArray = json_decode($cookie,true);
print_r($cookieSavedArray);
include 'UserActions.php';
$msg="";
$checkEmail = new UserActions();
$checkEmail->databaseConnection('localhost', 'root', '', 'placement2018');
}
HTML Form
<form action="success.php" enctype="multipart/form-data" method="post">
<div class="col-sm-12">
<div class="form-group">
<label>Password</label>
<input type="password" name="pass" placeholder="Enter password" class="form-control" required>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" name="confirmpass" placeholder="Confirm password" class="form-control" required>
</div>
<input class="btn btn-lg btn-info" type="submit" name="addPassword" value="Submit">
</center>
Now, as soon as I submit the form, the URL parameters are not there anymore, so I want to store the URL parameters as I need to run queries based on it.
How do I store $_GET parameters such that they remain in a $_POST request as well?
Advertisement
Answer
This is how I’ve resolved this problem, I believe this is sort of a hack but it works, I am still looking for a better solution.
Validations
If there are no parameters in the URL it’ll redirect
if(!$_REQUEST['email'] && !$_REQUEST['token']) {
header("Location: register.php");
}
If parameters found then :
if(isset($_POST['addPassword'])) {
$email = htmlentities($_POST['email']);
$token = $_POST['token'];
$password=$_POST['pass'] ;
$confirm = $_POST['confirmpass'] ;
if($password == $confirm) {
if($checkEmail->checkTokenEmail($email,$token)) {
$password = password_hash($password,PASSWORD_BCRYPT);
if($checkEmail->setAccountActiveAndInsertPassword($email,$password)) {
$msg = "<p style='color:green;text-align:center;'>Successfuly set password, you may login now</p>";
}
} else {
$msg = "<p style='color:red;text-align:center;'>This link is expired</p>";
}
}
}
and finally, before the $_POST request I am storing $email and $token in a hidden field so that I can further use it in queries
<form action="success.php" enctype="multipart/form-data" method="post">
<div class="col-sm-12">
<div class="form-group">
<label>Password</label>
<input type="password" name="pass" placeholder="Enter password" class="form-control" required>
</div>
<div class="form-group">
<label>Confirm Password</label>
<input type="password" name="confirmpass" placeholder="Confirm password" class="form-control" required>
</div>
<input type="hidden" value="<?php echo $_REQUEST['email'];?>" name="email">
<input type="hidden" value="<?php echo $_REQUEST['token'];?>" name="token">
<center>
<input class="btn btn-lg btn-info" type="submit" name="addPassword" value="Submit">
</center>
</div>