How to use $ _GET to get content coming from a link that was sent to a user's email?

Question

How to use $ _GET to get content coming from a link that was sent to a user's email?

Navigation

#1 by (4 votes)

2

I've sent this link to a user's email:

http://www.example.com/redefinir_senha.php?token=4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE&uid=USER-ID

On the redefine_password.php page I know how to do the following:

$token= $_GET['token'];

The business is that before using the "token" to update the password with my DBUpdate function I need to get the new password of the form that is on this page also through the POST method.

I have used GET before and within that IF below, but in the end the password is not changed in the database.

if ($_SERVER["REQUEST_METHOD"] == "POST"){ 

$token = $_GET['token']; // Já coloquei aqui e fora, já tentei usar sessão 
                         // ao invés    de simples variável e nada...

if (isset($_POST['senha'])){$senha = DBEscape($_POST['senha']);

$ativar = array('senha' => $senha);

$atualiza = DBUpdate('myway', $ativar, "token = '$token'");
if ($atualiza==true){
echo "Senha redefinida com sucesso!";
}
} else {
echo "Ocorreu um erro, entre em contato conosco!<br>";
}         
  }

It's not a problem with the update function because I'm using it on another page and it works fine.

php get

asked by anonymous 31.08.2014 / 18:06

1 answer

Generic Crud with PDO Select in encrypted value

score 4 · Accepted Answer

As mentioned in the comments, on your password reset page there is a form with the URL of your script:

//Não sou expert em PHP, mas vou supor que está escrevendo a
//variável $_SERVER['PHP_SELF'] no action do form

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" ...>
    // Demais campos do seu formulário
</form>

What should be rendered as:

<form action="redefinir_senha.php" ...>
    // Demais campos do seu formulário
</form>

In this case, there was a loss of Query String , which is required to provide the parameters your script needs. In your script you have:

$token = $_GET['token'];

This parameter GET will not exist as it is.

The first alternative is to change the URL that is in action of the form, using $_SERVER['REQUEST_URI'] instead of $_SERVER['PHP_SELF'] .

From documentation :

The $_SERVER['PHP_SELF'] returns the filename of the script you are running, relative to the root of the document. Not including the Query String .

The $_SERVER['REQUEST_URI'] , returns the URL supplied to access the current page, including the Query String

With the change your form should be:

<form action="<?php echo $_SERVER['REQUEST_URI']; ?>" ...>
    // Demais campos do seu formulário
</form>

That will render as:

<form action="redefinir_senha.php?token=4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE&uid=180488099954031df1897ac1.93258484" ...>
    // Demais campos do seu formulário
</form>

When submitting the form, the parameter $_GET['token'] will be filled in.

>

Just type your form as:

// Podendo manter o $_SERVER['PHP_SELF']
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" ...>
    // Demais campos do seu formulário
    <input type="hidden" name="token" value="<?php echo $_GET['token']; ?>" />
    <input type="hidden" name="uid" value="<?php echo $_GET['uid']; ?>" />
</form>

It will render as:

<form action="redefinir_senha.php" ...>
    // Demais campos do seu formulário
    <input type="hidden" name="token" value="4kl_EIwmivsCg52TsBgWWgWMPsApjFTJL8oBUXPDoHE" />
    <input type="hidden" name="uid" value="180488099954031df1897ac1.93258484" />
</form>

To retrieve values:

$token = $_POST['token'];
$uid = $_POST['uid'];

The two alternatives work, just choose the one you like best.