I have a test.php where the user is supposed to complete the form to update the limit. Upon submitting, the page will be redirected to example.php, where the user will have to input a one-time password. If successful, the page will redirect to doTest.php, where the limit is updated; if the wrong OTP is input, the user will have to complete the form again in test.php.

How do I redirect the page from test.php to example.php to doTest.php?

Note that in my form on test.php, the inputs will POST to doTest.php.

In test.php:

            <form method="POST" action=""> 
                <table id="table">
                    <tr>
                        <td class="alt">Existing Daily Limit</td> 
                        <td>S$ <?php echo $dailylimit; ?> </td>
                        <input type="hidden" name="dailylimit" value="<?php echo $dailylimit ?>"/>
                    </tr> 
                    <tr>
                        <td class="alt"><label for="newdailylimit">New Daily Limit</label></td>
                        <td>$ <select name="newdailylimit">
                                <option value="100.00">100.00</option>
                                <option value="500.00">500.00</option>
                                <option value="1000.00">1000.00</option>
                                <option value="5000.00">5000.00</option>
                            </select></td>
                    </tr>
                    <tr>
                        <td class="alt">Amount Debited Today</td>
                        <td>S$ <?php echo $debited_today; ?></td>
                    </tr>
                    <tr>
                        <td class="alt">Amount Debited Left</td>
                        <td>S$ <?php echo ($dailylimit - $debited_today); ?> </td>
                    </tr>
                </table>
                <br/>
                <input type="submit" name="submit" value="Submit">
            </form>

In doTest.php:

            <?php
            // $link (the mysqli connection) and $user_id are assumed to be set earlier; the question does not show that part.
            if (isset($_POST['submit'])) {
                $dailylimit = $_POST['dailylimit'];
                $newdailylimit = $_POST['newdailylimit'];

                if ($dailylimit != $newdailylimit) {
                    // Bind the posted value instead of interpolating it into the SQL string.
                    $stmt = mysqli_prepare($link, "UPDATE user SET daily_limit=? WHERE user_id=?") or die(mysqli_error($link));
                    mysqli_stmt_bind_param($stmt, 'ss', $newdailylimit, $user_id);
                    mysqli_stmt_execute($stmt) or die(mysqli_error($link));
                    echo "<script>alert('You have successfully updated your daily limit');</script>";
                    echo '<meta http-equiv="refresh" content="0">';
                } else {
                    echo "<script>alert('You have selected the same daily limit as your previous one. Please choose a different one. ');</script>";
                }
            }
            ?>

In example.php:

            <center>

        <form method="POST" action="" onSubmit="return validate(this)" >
            <input type="button" value="Click for OTP" onclick="openotp()" />  <br/>  <br/> 

                <table id="table">
                    <tr>
                        <td class="alt"><label for="otp">Enter the 6-digit iBanking OTP </label></td>
                        <td><input type="password" name="otp" maxlength="6"></td>
                    </tr>
                </table>
            <br/>
            <input type="submit" name="submit" value="Click to submit OTP">
        </form>
            </center> 

            <?php
            $user_id = $_SESSION['user_id'];
            if (isset($_POST['submit'])) {
                $otp = $_POST['otp'];

                // Fetch the OTP stored for the logged-in user.
                $query = "SELECT otp FROM user where user_id='$user_id'";
                $result = mysqli_query($link, $query) or die(mysqli_error($link));
                $row = mysqli_fetch_array($result);
                $rand = $row['otp'];

                // Compare as strings: == treats numeric strings as numbers, so "012345" == "12345".
                // The OTP has already matched at this point, so no second query is needed.
                if (is_string($otp) && hash_equals((string) $rand, $otp)) {
                    echo "<script>location.href='doDailyLimit.php'</script>";
                } else {
                    echo "<script>alert('You have keyed in an invalid OTP. Please try again.'); location.href='example.php';</script>";
                }
            }
            ?>
user3210617

2 Answers

First, save the data in sessions in test.php. Add them to the database only after checking if the OTP is correct.

In the beginning of test.php, add the following code and set action="test.php".

In this way you won't need a third file.

if(isset($_POST['submit'])){ //form has been submitted
    if($_POST['dailylimit'] == $_POST['newdailylimit']){
        echo "<script>alert('You have selected the same daily limit as your previous one. Please choose a different one. ');</script>";
    } else {
        //you can store 'dailylimit' the same way, but i suppose you won't be needing it anymore.
        $_SESSION['newdailylimit'] = $_POST['newdailylimit'];
        header("Location: example.php"); //this will take you to example.php (no space before the colon, or PHP will not redirect)
        exit; //stop here so the rest of test.php is not sent
    }
}

In example.php you need to check if the OTP is correct. So set action="example.php" and add the following code to the beginning of example.php.

if(isset($_POST['submit'])){  // form has been submitted.
    $otp = $_POST['otp'];
    //now check $otp against your database to see if its correct.
    //your database code goes here.
    $otpIsRight = false; //placeholder name: set this to true when your database check passes
    if($otpIsRight){ //otp is right
        $newdailylimit = $_SESSION['newdailylimit'];  //it was stored in test.php
        //similarly store your user_id from session.
        //insert newdailylimit into database.
    } else { // which means otp is wrong
        header("Location: test.php?otp=0");
        exit;
        /* by sending otp=0 you can let the user in test.php know that you were redirected back because your otp was wrong.
        you can add the following code in the beginning of test.php , which will show the message that otp was wrong.
        and they have to go through the whole process again.

        if(isset($_GET['otp'])){
            if($_GET['otp']==0){
                echo "<script>alert('You have provided wrong otp. blah bla...');</script>";
            }
        }
        */
    }
}
Kumar

Save your data in $_SESSION, go to the next page using header('Location: next-page.php'), check the password, and if the password is OK and the session data is available, save the data; otherwise clear the session and redirect to the first page.

Marius.C
  • How do I save my data in $_SESSION? And where should I insert header('Location: next-page.php')? – user3210617 Jan 30 '14 at 20:41
  • Is this your script? I see you already use data from the session. next-page.php is a generic name. You need to use your page names. – Marius.C Jan 30 '14 at 20:45
  • So instead of using POST, I should store the form values in the session? – user3210617 Jan 30 '14 at 20:51
  • there are too many things to explain.. sorry. http://stackoverflow.com/questions/3791414/storing-form-data-as-a-session-variable have a look how to store data in session – Marius.C Jan 30 '14 at 20:53
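
The session-based flow that both answers describe, as an added example that is not part of the original posts: the new limit is validated and parked server-side, and it is written only after the OTP matches, so requesting the update page directly changes nothing. The names `stage_limit`, `confirm_limit`, `ALLOWED_LIMITS` and the `updated=1` parameter are hypothetical, and an array and a closure stand in for `$_SESSION` and the database write.

```php
<?php
// Added example, not code from the question or answers; all names here are hypothetical.
const ALLOWED_LIMITS = ['100.00', '500.00', '1000.00', '5000.00']; // the <select> options in test.php

// test.php step: validate the posted value server-side and park it in the session.
function stage_limit(array &$session, $requested, string $current): bool
{
    if (!is_string($requested) || !in_array($requested, ALLOWED_LIMITS, true)) {
        return false;                        // not one of the offered options
    }
    if ((float) $requested === (float) $current) {
        return false;                        // same as the existing limit
    }
    $session['pending_limit'] = $requested;
    return true;                             // caller: header('Location: example.php'); exit;
}

// example.php step: write the staged value only after the OTP matches, and
// return the page to send the browser to next.
function confirm_limit(array &$session, $otp, string $expectedOtp, callable $applyUpdate): string
{
    if (!isset($session['pending_limit'])) {
        return 'test.php';                   // nothing staged: the form step was skipped
    }
    $pending = $session['pending_limit'];
    unset($session['pending_limit']);        // one OTP attempt per staged change
    $ok = is_string($otp) && preg_match('/^\d{6}$/', $otp) === 1
        && hash_equals($expectedOtp, $otp);  // exact string match, no numeric juggling
    if (!$ok) {
        return 'test.php?otp=0';             // wrong OTP: the user fills in the form again
    }
    $applyUpdate($pending);                  // e.g. a prepared UPDATE for the logged-in user
    return 'test.php?updated=1';
}

// Constructed demo: an array stands in for $_SESSION and a closure for the database write.
$session = [];
$stored  = '500.00';
$write   = function (string $limit) use (&$stored) { $stored = $limit; };

var_dump(stage_limit($session, '999999.00', $stored));         // value not offered by the form
var_dump(confirm_limit($session, '012345', '012345', $write)); // OTP page hit with nothing staged
var_dump(stage_limit($session, '1000.00', $stored));           // valid new limit
var_dump(confirm_limit($session, '12345', '012345', $write));  // wrong OTP discards the staged value
var_dump(stage_limit($session, '1000.00', $stored));           // user starts over
var_dump(confirm_limit($session, '012345', '012345', $write)); // correct OTP
var_dump($stored);                                             // limit now held by the stand-in database
```

In the real pages, pass `$_SESSION` and the limit read from the database rather than the hidden `dailylimit` field, and call `exit` after each `header('Location: ...')`.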