www.webdeveloper.com
Results 1 to 10 of 10

Thread: Passing back a value to another form

Hybrid View

  1. #1
    Join Date
    Sep 2010
    Posts
    30

    Passing back a value to another form

    HI everyone,

    Having a hard time with passing back a password variable to another form,

    If you go to:

    http://aosystemsgroup.com/phplogin_v2.3/register.php

    Then click on "Generate" to form pop's up. I need to find a safe way of getting the password value back to the original form on a separate page.. Any help? Much appreciated.

  2. #2
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    857
    In the first place - you should NEVER be passing a password around anywhere. Take it from its source, validate it and then use a token of some kind to pass around the fact that the user is ok. Set it as a hidden field or a Session var and then check it in your next script.

  3. #3
    Join Date
    Sep 2010
    Posts
    30
    Quote Originally Posted by ginerjm View Post
    In the first place - you should NEVER be passing a password around anywhere. Take it from its source, validate it and then use a token of some kind to pass around the fact that the user is ok. Set it as a hidden field or a Session var and then check it in your next script.
    Ginerjm:

    I know, hence I mentioned "safe way" of passing it around. I might just get rid of the fancy pop-up generator and allow this to be part of the original form. But if you have any other suggestions I would like to hear about them.

    Thanks

  4. #4
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    857
    The problem was that you mentioned "pass it around".

    That said - I have nothing further to add since I have made my statement and you didn't really ask a question beyond that.

    But of course - you could just create a session 'token' variable and then check for it being set in the called form.

  5. #5
    Join Date
    Sep 2010
    Posts
    30
    Quote Originally Posted by ginerjm View Post
    The problem was that you mentioned "pass it around".

    That said - I have nothing further to add since I have made my statement and you didn't really ask a question beyond that.

    But of course - you could just create a session 'token' variable and then check for it being set in the called form.
    Alright, pretty easy decision then. I'll just make it part of the original form. Was hoping to have some eye candy added, but if its that problematic, then its okay.

  6. #6
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    857
    It's not a problem if you simply substitute that true password value with something that represents that the user is authorized. Pass THAT around and I don't have a problem.

  7. #7
    Join Date
    Sep 2010
    Posts
    30
    Quote Originally Posted by ginerjm View Post
    It's not a problem if you simply substitute that true password value with something that represents that the user is authorized. Pass THAT around and I don't have a problem.
    Would be good to just pass it from the second, pop-up form to the original parent form. But if its too risky or too problematic and I'll just add it to my "future things to do".. Have enough to do as it is.

  8. #8
    Join Date
    Jul 2013
    Location
    Voorheesville NY USA
    Posts
    857
    The point of this discussion is to make you realize that passing a password around is an absolute mistake. Why would you risk its discovery by increasing the likelihood of it being seen? Getting it from the user the one time he/she types it in and hits submit is the most it should ever be exposed. Your login script should utilize it to check your db for a proper login and then from that point on you should use some other mechanism to keep track of the user's access privileges. Whatever that turns out to be is up to you, but Do Not Use the actual password ever again.

  9. #9
    Join Date
    Mar 2005
    Location
    Behind you...
    Posts
    1,016
    For the record, if you want to add some 'eye candy' to your password generator, just use (inline) modal windows instead of actual popups. Frankly popups are a dying breed as more and more browsers block them by default and more users arm themselves with popup/ad blockers. Inline windows are a nice way to get a similar effect and frankly are much easier to work with from a scripting standpoint (as everything remains within the same window).

    I'm not sure what alternative, safe way you found, but I did think I should mention this since it would have solved your original issue and still allowed you to maintain the idea you had in mind.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles