How to get a variable inside the URL in php

1

I have a two-day problem that I can not decipher. I need the login variable and password passed in the login form of my system, get to the url that receives the user and password parameter. That way it will enter according to the login and password passed in the login. This is the code that receives the data from the database:

    session_start();  // Inicia a session

include "./conexao.php";

$login = $_POST['login'];
$senha = $_POST['senha'];

if ((!$login) || (!$senha)){
    echo"<script language='javascript' type='text/javascript'>alert('Por favor, todos campos devem ser preenchidos!');window.location.href='login.php';</script>";
}else{

    $sql = pg_query("...");
$login_check = pg_num_rows($sql);
    if ($login_check<=0){
        echo"<script language='javascript' type='text/javascript'>alert('Login e/ou senha incorretos');window.location.href='login.php';</script>";
        die();
    }else{
        @session_start();
        $_SESSION['login'] = $login;
        $_SESSION['senha'] = $senha;
        $arr = pg_fetch_array($sql);
        $_SESSION['nome'] = $arr['usr_nome'];
        //setcookie("login",$login);
        header("Location:index.php");
    }
}    

Then I need to send the data to this link here:

<div class="thumbnail">
    <img src="../05fev/imagens/unnamed.png" alt="Imagem responsiva" class="img-rounded"/>
    <div id="main" class="caption">
        <Iframe
            src = "http://desenv.../webrun/logon.do?sys=SER&user=(aqui recebe o login)&password=(aqui recebe a senha)">
        </iframe>
    </div>
</div>

Can anyone help me?

    
asked by anonymous 11.02.2016 / 12:04

1 answer

1

I'm not going to answer the actual question, as the general concept is very wrong and insecure. Breaking your entire login system is frighteningly easy as you've made some pretty amateur mistakes. I'm going to consider some things that can help you improve this:

  • NEVER TRUST THE USER! The basic rule is - filter ALL inputs and escape all outputs. When you do a simple $login = $_POST['login']; it allows me to perform a SQL Injection and commit all the system. Read about filter_input function, it will help you solve this.
  • Do not use the @ to suppress errors, this leaves the code slower, besides being ugly and a bad practice.
  • PDO is your friend, abuse it.
  • I did not understand why two session_start();

In short, beware of this idea of yours, do not put it into production. There are thousands of tutorials on login with PHP, look for references before you start coding, view ready codes helps you think of yours.

    
11.02.2016 / 12:50