0

I have a file on my server called "pform.php", this is what it looks like:

<form action="password.php" method="get">
<input type="text" name="password13"/>
<input type="submit" value="Submit!"/>
</form>

I have it transfer to another file called "password.php", this is what it looks like:

<?php

$text=$_GET["password13"];
$right="You entered the right password!";
$wrong="You entered the wrong password!";

if($password13=="test")
{
    echo $right;
}
else
{
    echo $wrong;
}
?>

When I enter the right password, it returns false.

What can I change it so it returns true when I insert the right password?

Improve this question
3
  • 2
    if($password13=="test") ==> if($text=="test") Commented Dec 1, 2011 at 17:03
  • You never declare $password13, you need to use $text, as that's set to $_GET["password13"]. Commented Dec 1, 2011 at 17:04
  • 2
    possible duplicate of php password, compare, return true or false Commented Dec 1, 2011 at 17:07

5 Answers 5

Reset to default
3

You need to access it via $text, since that is the variable you have defined:

$text=$_GET["password13"];

// use $text, not $password13
if($text=="test")
{
    echo $right;
}
else
{
    echo $wrong;
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

As noted below, don't use _GET for sensitive information like passwords, I would suggest taking a look at @Jakub's post as this is bad practice as an acceptable answer.
3 
if ($text == "test") 
   echo $right;
else
   echo $wrong;

Change your code to this. Your $password13 variable is not defined

Improve this answer

Comments

1

check for $test, as $password13 does not exist :-)

Improve this answer

Comments

1

I would change your form so that it submit at least as POST, and mask the password by making the input 'password'

<form action="password.php" method="post">
<input type="password" name="password13"/>
<input type="submit" value="Submit!"/>
</form>

Then reference the variable like so:

<?php

$text=$_POST["password13"];
$right="You entered the right password!";
$wrong="You entered the wrong password!";
...

remember to reference $text when you compare your password value.

Improve this answer

Comments

1

Never use $_GET parameters for sensitive data like passwords and such, they are stored inside browser cache, server logs, and are a huge security risk.

Use $_POST like Jakub has written for you above.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.