Be careful with sending sensitive information as POST data with PHP. A user can use a breakpoint like with Charles Proxy to examine and even edit POST data.
http://www.tinywall.info/2014/04/how-to-edit-request-response-hack-tamper-website-any-browser-from-PC-with-Charles.html
http://www.charlesproxy.com/documentation/proxying/breakpoints/
Here's a lesson I learned when launching a BTC game and using POST data instead of a DB to communicate important information.
https://bitcointalksearch.org/topic/m.8959853
They are really good when used positively but their negative usage could make someone to bleed.