
Technical Support Forums

Free, outstanding support from WebAssist and your colleagues


Help with Verify Form field Information

Thread began 12/11/2009 7:40 am by buonsen368464 | Last modified 1/04/2010 12:56 pm by Eric Mittman | 5138 views | 21 replies |

buonsen368464

Help with Verify Form field Information

Hello Support,
I have generated the required pages using SA. I have created another page (verify.php) with some form fields similar to what I have in my userRegistration page (First Name, Last Name, Date of Birth and SSN).
If my client forgot his/her password, s/he is redirected to verify.php (that I can do) and must provide form field information that will match that in the database. If the client provides the matching information on the verify.php page, s/he is then redirected to the userEmailPW page to provide the username and proceed thereafter.
My question is, do I need to create session variables for the form fields and then bind them with the verify.php page, and how do I link the verify.php page and the userEmailPW page such that when the matching information is provided, the user is immediately redirected to the userEmailPW page?
I will appreciate your help please!!
Thanks a lot


Eric Mittman

I think you covered most of what you will need to make this page work. You will have the form on this page, the form should post to this same page. You will then have a recordset that is filtered on the posted values from this form.

If the recordset is not empty then you can send them to the email password page. If you would like it so the user cannot get to the email password page by just going there directly then you would need to make an extra check, you can set a session variable on the verify page after you check for the recordset being empty and before you send the user to the email password page. You would then have a check at the top of the email password page for the user_verified session variable you created. If the variable is not set or does not have a value then you would redirect them back to the verify page.

If you had it like this the user would be required to fill out the verify form before they can continue to the email password page.


buonsen368464

Help with Verify Form field Information

Hello Support,
I really do appreciate your help. Below is the script that I generated for the verify.php page. I tried testing the page by entering the matching information in the database and was not redirected to the userEmailPW page. I was expecting to be redirected as soon as the information that I entered matched that of the database. I was also expecting that if the information does not match that in the database, it should not be redirected until the correct information is entered.

Also, concerning the Extra check for the userEmailPW page access, you said

"If you would like it so the user cannot get to the email password page by just going there directly then you would need to make an extra check, you can set a session variable on the verify page after you check for the recordset being empty and before you send the user to the email password page. You would then have a check at the top of the email password page for the user_verified session variable you created. If the variable is not set or does not have a value then you would redirect them back to the verify page."

How do I create the extra check? Any step-by-step clue?

I know I am probably doing something wrong or I must have left out or included some scripts which may or may not be required for the page to work.
Please, I will appreciate if you can give me some directives on how to get this work.

Thanks in advance


php:
<?php require_once('../Connections/spartancare.php'); ?>
<?php require_once( "../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
if($_SERVER["REQUEST_METHOD"] == "POST"){
    $WA_Auth_Parameter = array(
        "connection" => $spartancare,
        "database" => $database_spartancare,
        "tableName" => "user",
        "columns" => explode($WA_Auth_Separator,"FirstName".$WA_Auth_Separator."LastName".$WA_Auth_Separator."Phone".$WA_Auth_Separator."Zipcode"),
        "columnValues" => explode($WA_Auth_Separator,"".$_SESSION['FirstName'] ."".$WA_Auth_Separator."".$_SESSION['LastName'] ."".$WA_Auth_Separator."".$_SESSION['Phone'] ."".$WA_Auth_Separator."".$_SESSION['Zipcode'] .""),
        "columnTypes" => explode($WA_Auth_Separator,"text".$WA_Auth_Separator."text".$WA_Auth_Separator."text".$WA_Auth_Separator."text"),
        "sessionColumns" => explode($WA_Auth_Separator,"FirstName".$WA_Auth_Separator."LastName".$WA_Auth_Separator."Phone".$WA_Auth_Separator."Zipcode"),
        "sessionNames" => explode($WA_Auth_Separator,"FirstName".$WA_Auth_Separator."LastName".$WA_Auth_Separator."Phone".$WA_Auth_Separator."Zipcode"),
        "successRedirect" => "userEmailPW.php",
        "failRedirect" => "verify.php",
        "gotoPreviousURL" => FALSE,
        "keepQueryString" => TRUE
    );

    WA_AuthenticateUser($WA_Auth_Parameter);
}

if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

$colname_verifyrs = "-1";
if (isset($_SESSION['UserName'])) {
    $colname_verifyrs = (get_magic_quotes_gpc()) ? $_SESSION['UserName'] : addslashes($_SESSION['UserName']);
}
mysql_select_db($database_spartancare, $spartancare);
$query_verifyrs = sprintf("SELECT FirstName, LastName, Phone, Zipcode FROM `user` WHERE UserName = %s", GetSQLValueString($colname_verifyrs, "text"));
$verifyrs = mysql_query($query_verifyrs, $spartancare) or die(mysql_error());
$row_verifyrs = mysql_fetch_assoc($verifyrs);
$totalRows_verifyrs = mysql_num_rows($verifyrs);
?>

Below is the action script on the form as you suggested.
<form action="<?php echo((isset($_SERVER["PHP_SELF"]))?$_SERVER["PHP_SELF"]:"") ?>" method="post">


Eric Mittman

So in the end you would like the user to fill in the info on this page then check the info to confirm that it is correct for the user, right? You then want to send the user to the email password page if this is the case, correct?

If this is the case then you must do more with the recordset you have on the page. You must filter this recordset on all of the entered values that the user submits that you would like to verify. Once the rs is filtered on all of these values you will know that the user matches the user in the db. You can then redirect them to the verify page.

I did not see the recordset filtered in the code you posted, it was only being filtered on session username variable. You must filter it on the other values as well if you are wanting to confirm them.

Once you have the rs in place then you can proceed with the next part which is to have a custom piece of code that checks to see if there is a record in the recordset, if there is then you can send the user off to the verification page. If you wanted to make sure they cannot access the page directly then you will first set a new session variable that will indicate the user has been verified. Then at the top of your email password page you do a custom check for this session variable, if it is not set or does not have a value then you would send the user back to the verification page.

I can cover this last part in more detail with you but I think it would be best to have the other part in place, this will make it much easier to implement this last part. Please post back with any questions that you have about the query and getting the check of the recordset in place before moving onto the email password page.


Walikan

Help with Verify Form field Information

Hello Eric,
That's exactly how I wanted the page to function.
I followed your instructions and after playing around with the recordset and session variables, the verify.php worked as was expected. Thanks for your help. But I will still need your help with the custom check for the session variable to be placed at the top of the userEmailPW page so that the user cannot directly access the userEmailPW page.

Secondly, if two of my form fields had a drop down menu each with some challenge questions that must be answered on the sign up page and I choose to include the same form fields in the verify.php page such that if the user happens to forget his or her password, s/he must answer the questions before proceeding to the next page. It is similar to what you are helping me with, but for the fact that instead of a field element, it is a menu which contains a series of challenge questions. Do I need to create two columns in my database for the challenge questions and two other columns for the answers and what next? Any help?
Thanks


Eric Mittman

For the check of the session variable on the email password page you could just add in a simple if statement like this:

php:
// Redirect visitors who have not been verified; exit so the rest of the page never runs.
if (!isset($_SESSION['your var']) || $_SESSION['your var'] != 'the value of this var') {
    header("Location: your_verify_page.php");
    exit;
}



This check will make sure that if the user does not have this session variable set or it does not have the correct value the user will be redirected back to your verify page. You would need to fill in the parts about your session variable name, the value and your verify page.

For the question portion of this you will need to have a table in your db with pre-determined questions stored in it. You will need to add columns to your users table to hold a value for the question and another for the answer, you would need a pair of these columns for each security question you want to store for the user.

To use this you would just query your question table based on the question id value stored in the user table, for the answer you would have the user enter it in a text field.

You would then submit the form and attempt to filter a user recordset based on the answers given, then you can proceed with the rest of it. Please let me know if you have any further questions for any part of this.


Walikan

Help with Verify Form field Information

Hey Eric,
Thanks once more for your help. You said

  For the check of the session variable on the email password page you could just add in a simple if statement like this:

php:
if(!isset($_SESSION['your var']) || $_SESSION['your var'] != 'the value of this var'){

header("Location: your_verify_page.php");
}


This check will make sure that if the user does not have this session variable set or it does not have the correct value the user will be redirected back to your verify page. You would need to fill in the parts about your session variable name, the value and your verify page.




I have four session variables (FirstName, LastName, Phone and Zipcode) created in my verify.php page. I don't know which one to replace in the above quote and I don't know what session value to use. I have simply changed the above quote to:

php:
if(!isset($_SESSION['FirstName']) || $_SESSION['FirstName'] != '1'){

header("Location:verify.php");
}



and placed it at the top of the EmailPW page, and when I tried direct access to the EmailPW page, I am redirected back to the verify.php page (as was expected). But when I tested the verify.php by completing the form fields that match that in the database, I was redirected to the verify.php page. I was expecting to be redirected to the EmailPW page since the form fields match that in the database.
I am surely doing something wrong with the session variable and the value of the session. Do I need to fill in all the session variables in the above quote? Any clue on what I can do?
Thanks in advance


Eric Mittman

For the session variable I was thinking that this would be one that you create after the verify page has been submitted and you filter a recordset with the values. If the recordset has a record in it then you would set this session variable and send the user to the profile page.

Do you have the check with the recordset occurring? Are you redirecting the user to the profile page after you check the recordset? If so then you should be able to just add in a session variable of your choice just before the redirect. When you set the variable here you should be able to check it on the profile page with the code from the post. If you have any further problems with this please post back and include the code you have in place for the rs check and the redirect to the profile page.


Walikan

Hey Eric,
I am sure my explanation wasn't clear in the previous post. You said:

  So in the end you would like the user to fill in the info on this page then check the info to confirm that it is correct for the user, right? You then want to send the user to the email password page if this is the case, correct?



Your quote above is exactly my goal.

You said:

  If this is the case then you must do more with the recordset you have on the page. You must filter this recordset on all of the entered values that the user submits that you would like to verify. Once the rs is filtered on all of these values you will know that the user matches the user in the db. You can then redirect them to the verify page.  



I have a rs that filters all the entered values and that works perfectly. I do not have any problem with that. I have tested it and it is good to go.

Your quote below is where I will need help.

  Once you have the rs in place then you can proceed with the next part which is to have a custom piece of code that checks to see if there is a record in the recordset, if there is then you can send the user off to the verification page. If you wanted to make sure they cannot access the page directly then you will first set a new session variable that will indicate the user has been verified. Then at the top of your email password page you do a custom check for this session variable, if it is not set or does not have a value then you would send the user back to the verification page.

I can cover this last part in more detail with you but I think it would be best to have the other part in place, this will make it much easier to implement this last part. Please post back with any questions that you have about the query and getting the check of the recordset in place before moving onto the email password page.  



Below is the custom check you provided.

  For the check of the session variable on the email password page you could just add in a simple if statement like this:

PHP Code:
if(!isset($_SESSION['your var']) || $_SESSION['your var'] != 'the value of this var'){
header("Location: your_verify_page.php");
}
This check will make sure that if the user does not have this session variable set or it does not have the correct value the user will be redirected back to your verify page. You would need to fill in the parts about your session variable name, the value and your verify page.  


This is where I need your help. Do I need to create a new session variable to replace 'your var' in the above quote? What will be the value of that variable? Kindly give me a step by step procedure to achieve this.
Thanks a lot for your kind support.


Eric Mittman

Ok, so after your recordset is filtered correctly you will check it to determine that a record has been returned. Here is an example of what that code would look like:

php:
<?php
if ($totalRows_your_RS > 0) { // if recordset not empty
    if (!session_id()) session_start();
    // Mark this session as verified, then send the user on.
    $_SESSION['your var'] = 1;
    header("Location: your_email_password_page.php");
    exit;
}
?>



You would of course need to update this code for the name of your recordset, session variable and email password page. The session variable can have any name that you want, you just need to ensure that you are referencing it the same when you set it and test for it on the email password page.
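
The flow described across this thread (filter on every submitted value, set a session flag only on a match, check that flag at the top of the email password page), as an added example that is not code from the thread or from WebAssist. It assumes PDO with an in-memory SQLite table holding one constructed row, takes the `user_verified` flag name from the first reply, and goes one step beyond the thread by storing the matched UserName in the flag instead of 1; the function names are hypothetical.

```php
<?php
// Added example, not WebAssist or thread code. Table and column names are from
// the thread; the PDO/SQLite setup and the sample row are constructed.

/** Return the UserName whose row matches all four posted values, or null. */
function matchUser(PDO $db, array $post): ?string
{
    $values = [];
    foreach (['FirstName', 'LastName', 'Phone', 'Zipcode'] as $field) {
        $v = $post[$field] ?? null;
        if (!is_string($v) || trim($v) === '') {
            return null;                       // every field is required
        }
        $values[] = trim($v);
    }
    // Filter on the posted values with bound parameters, not string-built SQL.
    $stmt = $db->prepare('SELECT UserName FROM `user` WHERE FirstName = ?
        AND LastName = ? AND Phone = ? AND Zipcode = ?');
    $stmt->execute($values);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return count($rows) === 1 ? $rows[0] : null;   // ambiguous match is no match
}

/** verify.php, on POST: returns the page to redirect to. */
function handleVerify(PDO $db, array $post, array &$session): string
{
    unset($session['user_verified']);          // drop any flag from an earlier try
    $user = matchUser($db, $post);
    if ($user === null) {
        return 'verify.php';
    }
    $session['user_verified'] = $user;         // set only after a match
    return 'userEmailPW.php';
}

/** Top of userEmailPW.php: null lets the page render, otherwise redirect there. */
function gate(array $session): ?string
{
    return isset($session['user_verified']) ? null : 'verify.php';
}

// In the real pages: session_start(); pass $_POST and $_SESSION; call
// session_regenerate_id(true) after a match; header("Location: ..."); exit;
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (UserName, FirstName, LastName, Phone, Zipcode)');
$db->exec("INSERT INTO `user` VALUES ('jdoe', 'Jane', 'Doe', '5550100', '90210')");

$session = [];
$good = ['FirstName' => 'Jane', 'LastName' => 'Doe', 'Phone' => '5550100', 'Zipcode' => '90210'];
echo 'direct access -> ', gate($session) ?? 'allowed', "\n";
echo 'wrong zipcode -> ', handleVerify($db, ['Zipcode' => '1'] + $good, $session), "\n";
echo 'all fields ok -> ', handleVerify($db, $good, $session), "\n";
echo 'after verify  -> ', gate($session) ?? 'allowed', "\n";
```

Because the flag holds the matched UserName, the email password page can act on that account only, rather than on whatever username is typed in next.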
