Best way to keep user name 2

[csniffer]

i have now got the following script to work

 <?php
if(($_POST[&quot;UserName&quot;]==&quot;tony&quot;)&&($_POST[&quot;Password&quot;]==&quot;tony&quot;)) {
header(&quot;Location: index.php?UserName=$UserName&quot;); 
} else {
header(&quot;Location: login.php?message=Invalid&quot;);
}
?>

but when i try to print the $UserName to the web page (index.php) i get no output. What is the best way to keep the user name displayed through all the pages that they visit? 4 eg is it best to put the user name into a text file and get it from the file each time they open a new page. php does not seem to whant to hold this user name because when the page returns to index.php the $UserName will not print to the screen. am i going about this the wrong way? any thoughts on this would be helpful. thx


To err is human, to completely mess up takes a computer.

 

[vbkris]

$username=$_POST["UserName"];

Known is handfull, Unknown is worldfull

 

[KempCGDR]

Correction:
$username=$_POST['UserName'];

 

[vbkris]

hey i did give the '[' dont know where it went?

Known is handfull, Unknown is worldfull

 

[csniffer]

so if i do this does the $username become global? if that is so then am i right in saying that any $var that is not in a Function is global?

To err is human, to completely mess up takes a computer.

 

[csniffer]

ok now i have this

 <?php
if(($_POST[&quot;UserName&quot;]==&quot;tony&quot;)&&($_POST[&quot;Password&quot;]==&quot;tony&quot;)) {
$username=$_POST[&quot;UserName&quot;];
header(&quot;Location: index.php?UserName=$UserName&quot;); 
} else {
header(&quot;Location: login.php?message=Invalid&quot;);
}
?>

but when it returns to index.php which is

<?php 

$PageTitle = &quot;JST Web Pros&quot;;
require(&quot;header.php&quot;);
//phpinfo();
print(&quot;<P> <A HREF=\&quot;login.php\&quot;>Login</A> To go the next page.\n&quot;);
require(&quot;footer.php&quot;); 
print(&quot; hello $username&quot;);
?>

only hello is printed? what is happening there? do i need to use a session var, whatever they are

To err is human, to completely mess up takes a computer.

 

[gizmicek]

But you are wrong with the $_POST superglobal, because you pass the variable to index.php through the question mark and that means that you use the GET method. In you index.php page just do <?php echo $_GET['UserName']; ?> and you will get the right result ;-)

But if you are working on pages which should be password protected, this is the worst way how to store the username because everyone can see it in the address bar and can access index.php?UserName=tony page which will simulate the login process. You can use cookies to store the username on the client computer (so do it I) or probably the best way is to use php sessions. You can also use password protecting based on the HTTP protocol (htaccess in apache) but this is the webserver feature and you probably don't have so confidential content on your pages to use this one ;-)

 

[gizmicek]

And also be careful about case - PHP is case-sensitive. So in your first script:

<?php
if(($_POST[&quot;UserName&quot;]==&quot;tony&quot;)&&($_POST[&quot;Password&quot;]==&quot;tony&quot;)) {
$username=$_POST[&quot;UserName&quot;];
header(&quot;Location: index.php?UserName=$UserName&quot;); 
} else {
header(&quot;Location: login.php?message=Invalid&quot;);
}
?>

you redirect browser to the &quot;index.php?UserName=$UserName&quot; but have stored the username into variable $username so $UserName IS EMPTY! I use only lowercase words for variable names and all things related to php code in my scripts, its the best way how to avoid problems related to case...

 

[DRJ478]

Instead of redirecting there is an alternate solution that will not require passing of any variables.

If you build your script in a modular way all you need to do is include the appropriate module within your original script. Load the modules only when needed.
This way you need not pass any variables since all will happen within one script:

<?php
if(($_POST[&quot;UserName&quot;]==&quot;tony&quot;)&&($_POST[&quot;Password&quot;]==&quot;tony&quot;)) {
   include('authorized.inc.php');

} else {
   include('invalid.inc.php');
}
?>

You can maintain your module code in separate files and it will only be loaded when necessary. ALl vars will be in the same convention that the parent script uses, hence,

$_POST['UserName']

will always be that.

 

[csniffer]

ok thx 4 that, there is a bit to think about. i need to go and have a play with these vars, but there is some good advice, thx.

To err is human, to completely mess up takes a computer.