|
PHP - Show Selected On Form Via Session == True
if the session is true $_SESSION['frommonth'] i want it to show the selected session
Code: [Select] <select name="from_month" id="from_month"> <option value="<?php echo $_SESSION['frommonth'];?>" selected="selected">mm</dd> <?for ($i=1;$i<=12;$i++):?> <option value="<?=$i?>"><?=$months[$i]?></dd> <?endfor;?> </select> how could i do this? Similar TutorialsHi all I am trying to get my drop down menu to use a session variable as the selected menu option. Here's my code: echo "<option value=\"\">Delivery Area</option>"; $selected = ""; if(isset($_SESSION['postal_area']) && $_SESSION['postal_area'] == "England") { $selected = "selected"; } elseif(isset($_SESSION['postal_area']) && $_SESSION['postal_area'] == "Wales") { $selected = "selected"; } elseif(isset($_SESSION['postal_area']) && $_SESSION['postal_area'] == "Scotland") { $selected = "selected"; } else { $selected = ""; } echo " <option value=\"England\" selected=\"".$selected."\">England</option>"; echo "<option value=\"Scotland\" selected=\"".$selected."\">Scotland</option>"; echo "<option value=\"Wales\" selected=\"".$selected."\">Wales</option>"; echo "</select>"; However, this shows the 'Wales' one all the? Please help! Many thanks Pete friend the code display all the managers name
<?phpand the variable below displays the result $Manager= $row['Manager'] ; but how do i do it on the above dropdown list the it shows which result is in the $Manager variable? Hi all, I am trying to make a members details section that can be updated. I want to be able to "SELECT * FROM users WHERE email='$email'" and then show the values that can be changed in a html drop down box with the selection that was made when the user registered already selected="selected"; You will be able to see what I am attempting to do below. <?php $sql = "SELECT manufacturer FROM table1 WHERE email=$'email'"; $result = mysqli_query($cxn,$sql); $row = mysqli_fetch_assoc($result); foreach manufacturer in table1 { if table1.manufacturer = table2.manufacturer { echo '<option name="manufacturer" selected="selected" value"$row['manufacturer']"</option>'; } else { echo '<option name="manufacturer" value"$row['manufacturer']"</option>'; } } ?> I have a form gathering data from the database. There is one field 'country' which is a combo box. The combo box is populated from the countries table which joins the customers table to provide the country specific to the customer. I'm trying to have the combo box display the country associated with the customer. I think I'm close in my code, but unsure. This is a playground to so I can implement on our other site.
<?php
require_once('database.php');
$sql2 = "SELECT * From countries
";
$countries = $db->query($sql2);
if(isset($_GET['customerID'])) {
$customerID = filter_input(INPUT_GET, 'customerID', FILTER_SANITIZE_NUMBER_INT);
$sql = "SELECT * FROM customers WHERE customerID =$customerID ";
//$sql2 = "SELECT * From countries
//INNER JOIN customers ON countries.countryCode=customers.countryCode
//WHERE customers.customerID = $customerID";
$stmt = $db->query($sql);
}
if(isset($_GET['customerID'])){
$customerID = filter_input(INPUT_GET, 'customerID', FILTER_SANITIZE_NUMBER_INT);
$countryQuery = "
{$sql2} INNER JOIN customers ON countries.countryCode = customers.countryCode WHERE customers.customerID = $customerID";
$countriesQuery = $db->prepare($countryQuery);
$countriesQuery->execute(['customerID' => $_GET['customerID']]);
$selectedCountry = $countriesQuery->fetch(PDO::FETCH_ASSOC);
var_dump($selectedCountry);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- the head section -->
<head>
<title>My Guitar Shop</title>
<link rel="stylesheet" type="text/css" href="main.css" />
</head>
<!-- the body section -->
<body>
<div id="page">
<div id="header">
<h1>SportsPro Technical Support</h1>
<p>Sports management software for the sports enthusiast.</p></h1>
</div>
<div id="main">
<h1>View/Update Customer</h1>
<form action="update.php" method="get" >
<?php
?>
<div id="content">
<!-- display a table of products -->
<h2>Customers</h2>
<form name="customerInfo">
<?php foreach ($stmt as $cust) { ?>
<div>
<label>First Name</label>
<input type="text" name="name" class ="form-control" value ="<?php echo $cust['firstName']; ?>">
</div><br>
<div>
<label>Last Name</label>
<input type="text" name="name" class ="form-control" value ="<?php echo $cust['lastName']; ?>">
</div><br>
<div>
<label>Address</label>
<input type="text" name="address" class ="form-control" value ="<?php echo $cust['address']; ?>">
</div><br>
<div>
<label>City</label>
<input type="text" name="city" class ="form-control" value ="<?php echo $cust['city']; ?>">
</div><br>
<div>
<label>State</label>
<input type="text" name="state" class ="form-control" value ="<?php echo $cust['state']; ?>">
</div><br>
<form action="update.php" method="get">
<select name="country">
<option value=""></option>
<?php
foreach ($countries->fetchAll() as $country): ?>
<option value="<?php echo $country['customerID']; ?>
<?php echo isset($customerID) == $selectedCountry['customerID'] ? ' selected':''?>
"><?php echo $country['countryName']; ?></option>
<?php endforeach;?>
</select>
</form>
</div>
<br>
<div>
<label>Country Code</label>
<input type="text" name="countryCode" class ="form-control" value ="<?php echo $cust['countryCode']; ?>">
</div><br>
<div>
<label>Zip Code</label>
<input type="text" name="postalCode" class ="form-control" value ="<?php echo $cust['postalCode']; ?>">
</div><br>
<div>
<label>Email </label>
<input type="text" name="email" class ="form-control" value ="<?php echo $cust['email']; ?>">
</div><br>
<div>
<label>Phone Number </label>
<input type="text" name="phone" class ="form-control" value ="<?php echo $cust['phone']; ?>">
</div><br>
<div>
<label>Password </label>
<input type="text" name="password" class ="form-control" value ="<?php echo $cust['password']; ?>">
</div><br>
<div>
<?php }
?>
</div>
</div>
<form action="UpdateCustomer.php" method="get">
<input type="submit" name="data" value="Update_Data"></input>
</form>
<div id="footer">
<p>
© <?php echo date("Y"); ?> SportsPro, Inc.
</p>
</div>
</div><!-- end page -->
</body>
</html>
I have written my index.php script where after verifying the password the script displays the user's name. But the user name is not displayed by it. Here is my script Code: [Select] <html> <head> <script type="text/javascript"> function a() { var x = document.register.username.value; var y = document.register.pass.value; var z = document.register.pass2.value; if(x==""&& y==""&& z=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } if(z=="") { alert("Please insert an password2!"); return false; } if (y!=z) { alert("Your passwords did not match"); return false; } } </script> </head> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); if (isset($_POST["sub"])) { $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); $_POST['pass'] = addslashes($_POST['pass']); } $usercheck = $_POST["username"]; $check = mysql_query("SELECT username FROM regis WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>"); echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>"); } else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] ) { $insert = "INSERT INTO regis(username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>"); } } ?> <body> <form name="register" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" onsubmit="return a()"> <table border='0'> <tr><td>Username:</td><td><input type="text"name="username" maxlength="60"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr> <tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr> <tr><th colspan=2><input type="submit" name="sub" value="Register"></th></tr></table> </form> </body> </html> This my registration page can you show how to redirect to login.php using $SESSION and also it kept the username information in session show list of files uploaded by current session user to the database. I want to show different users when they log in to the website...they can see a list of old files that they have uploaded. can anyone tell me the code/script to this.....please, ty $looponce = 1; foreach ($this->info as $k => $v) { if ( (($k == 'subject') && ($v['required'])) && (!$this->settings['customSubject'])) { for ($i = 0; $i <= 0; $i++) { $output[] = $this->display_errors('error_system_subject'); } } if ( (($k == 'name') && (!$v['required'])) || ((!array_key_exists("name", $this->info)) && ($looponce == 1)) ) { $output[] = $this->display_errors('error_system_name'); $looponce++; } } That is my loop that i check things in. What i'm more interested in is the name if statement. If currently checks for a name key in an array(below) and makes sure that it is set to required. If it's not set to required, print out a system error and die()'s. I'm looking for ways to remove the need for program errors and just change them to what is needed to run. What i know how to do is, get into the inner array, what i don't know is how to edit the data and put it back exactly as it was given to me. The inner array data can be put back in any order, but the outer array must be in exact order as it was given. above code $this->info = $formdata; $formdata = array( 'name' => array('name'=>"Full Name", 'required'=>false, 'type'=>'text'), # This needs to be required=>true, but i can't trust the user, which is why i have the error. 'telephone' => array('name'=>"Telephone", 'required'=>false, 'type'=>'phone'), ); Any help is greatly appreciated, also am i doing the foreach loop in the code above in an efficient manner or is there another way? Hi , I know my code sucks but i'm learning fast!! I'm trying to show a form if the qty value in a database == 10 or a different form if the value ==20. I tried but failed. Any help really appreciated. Code: [Select] <?php require_once('Connections/book.php'); ?> <?php $colname_cardpayment = "-1"; if (isset($_GET['orderid'])) { $colname_cardpayment = (get_magic_quotes_gpc()) ? $_GET['orderid'] : addslashes($_GET['orderid']); } mysql_select_db($database_book, $book); $query_cardpayment = sprintf("SELECT * FROM cards WHERE orderid = '%s' ORDER BY qty ASC", $colname_cardpayment); $cardpayment = mysql_query($query_cardpayment, $book) or die(mysql_error()); $row_cardpayment = mysql_fetch_assoc($cardpayment); $totalRows_cardpayment = mysql_num_rows($cardpayment); // Database connect $con = mysql_connect("mysql1.myhost.ie","admin_book","root123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("book_test", $con); //Parse Values from Coupon.php Form $orderid = mysql_real_escape_string(trim($_POST['orderid'])); $name = mysql_real_escape_string(trim($_POST['name'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $add1 = mysql_real_escape_string(trim($_POST['add1'])); $add2 = mysql_real_escape_string(trim($_POST['add2'])); $town = mysql_real_escape_string(trim($_POST['town'])); $county = mysql_real_escape_string(trim($_POST['county'])); $postcode = mysql_real_escape_string(trim($_POST['postcode'])); $phone = mysql_real_escape_string(trim($_POST['phone'])); $email = mysql_real_escape_string(trim($_POST['email'])); $letterstyle = mysql_real_escape_string(trim($_POST['letterstyle'])); $sql="INSERT INTO custdetails (orderid, name, surname, add1, add2, town, county, postcode, phone, email, letterstyle) VALUES ('$orderid','$name','$surname','$add1','$add2','$town','$county','$postcode','phone','$email','$letterstyle')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } ?> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Digital Scribe Books</title> <link href="style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript"> function MM_preloadImages() { //v3.0 var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_swapImgRestore() { //v3.0 var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { //v3.0 var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} } </script> </head> <body onload="MM_preloadImages('images/buttons/home_over.png','images/buttons/books_over.png','images/buttons/cards_over.png','images/buttons/letters_over.png')"> <div id="snow"> <div id="wrapper"> <div id="header"> <div id="logo"><img src="images/digital_scripe.png" width="218" height="91" /></div> <div id="menu"><a href="index.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Home','','images/buttons/home_over.png',1)"><img src="images/buttons/home_act.png" name="Home" width="131" height="132" border="0" id="Home" /></a><a href="books.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Books','','images/buttons/books_over.png',1)"><img src="images/buttons/books_act.png" name="Books" width="131" height="132" border="0" id="Books" /></a><a href="cards.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Cards','','images/buttons/cards_over.png',1)"><img src="images/buttons/cards_act.png" name="Cards" width="131" height="132" border="0" id="Cards" /></a><a href="letters.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Letters','','images/buttons/letters_over.png',1)"><img src="images/buttons/letters_act.png" name="Letters" width="131" height="132" border="0" id="Letters" /></a></div> </div> <div id="content"> <?php echo 'Order ID is : '. $orderid . '.<br />'; if ($row2['qty'] == 10) echo "<div> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="accounts@agraphics.ie"> <input type="hidden" name="lc" value="IE"> <input type="hidden" name="item_name" value="10 Christmas Cards"> <input type="hidden" name="item_number" value="<? echo $orderid; ?>"> <input type="hidden" name="amount" value="12.99"> <input type="hidden" name="currency_code" value="EUR"> <input type="hidden" name="button_subtype" value="services"> <input type="hidden" name="shipping" value="2.99"> <input type="hidden" name="return" value="http://www.digitalscribe/thanks.php"> <input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"> <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> </div>"; if ($row2['qty'] == 20) echo "<div> <form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="accounts@agraphics.ie"> <input type="hidden" name="lc" value="IE"> <input type="hidden" name="item_name" value="20 Christmas Cards"> <input type="hidden" name="item_number" value="<? echo $orderid; ?>"> <input type="hidden" name="amount" value="21.99"> <input type="hidden" name="currency_code" value="EUR"> <input type="hidden" name="button_subtype" value="services"> <input type="hidden" name="shipping" value="2.99"> <input type="hidden" name="return" value="http://www.digitalscribe/thanks.php"> <input type="hidden" name="bn" value="PP-BuyNowBF:btn_buynowCC_LG.gif:NonHosted"> <input type="image" src="https://www.paypalobjects.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"> <img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1"> </form> </div>"; ?> </div> <div id="footer" class="clear"><div id="sign"><div id="sign_text">Personalised<br /> Books</div> </div></div> </div></div> </body> </html> <?php mysql_free_result($cardpayment); ?> Hi guys, I need my select dropdown to show the relevant option. I am using a GET action to pass the id of an article to another page (edit article page) with this i am selecting that specific record and passing it's data into form object in order to be modified and updated. The only issue is my category list is a dropdown and i need it to display the relivent category for that specific record. hope that makes sence Hi, I have an html form in "send.htm" that sends data to "retrieve.php" with the following structu send.htm: Code: [Select] <html> <body> <form method="post" action="retrieve.php" <select id='select' name='select' > <option>option1</option> <option>option2</option> <option>option3</option> <option>etc...</option> </select> <input type="submit"> </form> </body> </html> retrieve.php: Code: [Select] <?php $selectedoption = $_POST['select']; print" <html> <body> <select id='select' name='select' > <option>option1</option> <option>option2</option> <option>option3</option> <option>etc...</option> </select> </body> </html> "; ?> How do I specify that the select menu in retrieve.php should have the option selected that was chosen from the select menu in send.htm? I'm guessing this is probably quite straightforward, but I can't quite work it out. Please help! Thanks. I got a form which people can use to send a request for information to one or more recipients, depending on which recipients have been selected in the form. At the moment the HTML checkboxes all have a different name attribute and e-mails are sent using an if statement: <input type="checkbox" name="mr-a" value="A" /> A<br /> <input type="checkbox" name="mr-b" value="B" /> B<br /> <input type="checkbox" name="mr-c" value="C" /> C<br /> if (isset($_POST['mr-a'])) { // Send e-mail to A } if (isset($_POST['mr-b'])) { // Send e-mail to B } if (isset($_POST['mr-c'])) { // Send e-mail to C } I'm sure there's a much better way of doing this, and I think I should start by creating an array of checkboxes. But I can't figure out how to then use a loop to send the e-mails. Here's the code I got so far. I'm hoping that all I need is a loop where is says 'Send e-mails using a foreach loop?': <?php // Minimal validation: if (isset($_POST['submit'])) { $errors = array(); if (!$_POST['name'] ) { $errors[] = 'Error: no name entered'; } else { $name = $_POST['name']; } if (!$_POST['email'] ) { $errors[] = 'Error: no e-mail address entered'; } else { $email = $_POST['email']; } if (!count($errors)) { // Send e-mails using a foreach loop? } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <title>Lorem Ipsum</title> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]--> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body id="index" class="home"> <h1>Lorem Ipsum</h1> <p>Confirmation message.</p> </body> </html> <?php // Get out! exit(0); } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <title>Lorem Ipsum</title> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]--> <link rel="stylesheet" href="style.css" type="text/css" /> </head> <body id="index" class="home"> <h1>Lorem Ipsum</h1> <p>Contact A, B and/or C.</p> <?php if (isset($errors)) { foreach ($errors as $error) { echo("<p class=\"red\">$error<p>"); } } ?> <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>"> <fieldset> <legend>Who do you want to contact</legend> <input type="checkbox" name="mr[]" value="A" /> A<br /> <input type="checkbox" name="mr[]" value="B" /> B<br /> <input type="checkbox" name="mr[]" value="C" /> C<br /> </fieldset> <br /> <fieldset> <legend>Your Details</legend> <label for="name">Name</label><input type="text" name="name" value="<?php if (isset($_POST['name'])) {echo $_POST['name'];}?>"><br /> <label for="email">Email</label><input type="email" name="email" value="<?php if (isset($_POST['email'])) {echo $_POST['email'];}?>"><br /> <input type="submit" name="submit" value="Next" /> </fieldset> </form> </body> </html> Hi I have a list of states using the array method in a form. The drop down menu works fine. I want to save the user choice,if the form is re-displayed due to a blank field or pattern mismatch. I know I can use the selected=selected, but don't know wher to put the statement: My array is: state_province = array ("list of states", "provinces") Var in my labels array is "state"=>"state" Here is my code for the select/option statement: { if($field == "state") { echo "<div class='province_state'><label for='state' size='10'>* Province/State</label><select>"; foreach($state_province as $state) { echo "\n<option value='$state_province' /> "; echo $state ; echo "</option>"; } echo "</select></div>\n"; } ?Is this the correct code to add and where would I add it? if(@$_POST['state'] == $value) { echo "selected='selected' "; } Hello, any help would be greatly appreciated. I have two dropdowns with 2 options in each. Customer picks one option from each dropdown and the form gets emailed to addresses from the two selections. The code below gives and error. My form: <form method="POST" action="quote.php" onsubmit="return checkform(this)"> <input type="hidden" name="agent" value="recipient_1,recipient_2"> <input type="hidden" name="office" value="recipient_3,recipient_4"> <select name="agent" id="agent"> <option value="recipient_1">Agent1 </option> <option value="recipient_2">Agent2 </option> </select> <select name="office" id="office"> <option value="recipient_3">Location1 </option> <option value="recipient_4">Location2 </option> </select> <input type="submit" name="submit" value="Submit"> </form> quote.php is below: $recipients = array( 'recipient_1' => 'email_1@yahoo.com', 'recipient_2' => 'email_2@yahoo.com', 'recipient_3' => 'email_3@yahoo.com', 'recipient_4' => 'email_4@yahoo.com', ); $exploded_recipients = explode(",",$_REQUEST['agent']); foreach($exploded_recipients as $value) { $my_email = $recipients[$value]; $success = mail($my_email, $Subject, $Body, "From: <$EmailFrom>"); } Thanks in advance I have a form that has a section where you can pick multiple check boxes and when the info is returned to me it has the word Array at the end of it. There are 2 check boxes on the form one fo Steve and one for Ben Below is the code I am using in my PHP file foreach($_POST['TestGroup'] as $val) { echo $val . "\n"; } The output from the PHP code is----Steve Ben Array.------ How do I keep Array from coming up? I have a form on page 1 that submits to page 2, then on to page 3, 4 and 5. On each page more data is collected, then page 5 puts it all into its respective place in the database. I'm trying to prevent a duplicate entry from someone hitting the back button, and I've seen suggestions to do it with sessions and a uniqid. I'm not versed in sessions, so my first question is, because I'm not submitting to the same page, where do I put the session? on page 2 or page one? Right now, on page one, all I have is: Code: [Select] <?php session_start(); include("dbconnection.php"); ?> <!-- a bunch of javascript form validation, html code and the form --> <?php $unique_id = uniqid (rand (),true); $_SESSION['unique_id']=$unique_id; ?> <form name="register1" class="registration_form" method="post" action="register2test.php" target="_self" onsubmit="return myForm()"> <input type="hidden" name="unique_id" id="unique_id_form" value="<?php echo $unique_id; ?>" > <input type="submit" value="Submit" class="buttontype"/> </form> on page two, I'm assuming, it's something similar to... Code: [Select] <?php session_start(); if (isset($_POST["submit"])) { if ($_POST["unique_id_form"] == $_SESSION["unique_id"]) { $_SESSION["unique_id"] = ''; /*set variables here ? */ } else echo 'error'; } else { $_SESSION["unique_id"] = uniqid (rand (),true); ?> I am trying to learn how to program in PHP. For a long time i was using WAMP and my localhost. When i ran into trouble i searched the web, watched videos and eventually find a solution.
Trying to upload my scripts into a shared hosting web server i had some difficulties in basic things, like using $_SESSION superglobal variable.
What i want to do is to use a hidden field with a value inside a form, and after submitting the form, to compare the $_SESSION variable to the $_POST variable in order to check for CSRF.
<?php
//call all custom functions
require_once('Custom_Functions/functions.php');
//session must be send before HTML headers
secure_session_start();
?>
<!DOCTYPE html>
<html lang="en">
<body>
<?php
if(isset($_POST['submit']))
{
$postvalue = $_POST['input1'];
$sessionvalue = $_SESSION['hashed_token'];
echo '<br />==========================<br />';
echo '<br />AFTER PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo 'Value of $_POST["hashed_token"] = '.$postvalue.'<br />';
echo 'Value of $_SESSION["hashed_token"] = '.$sessionvalue.'<br />';
}
$hashed_token = hash('sha256', uniqid(mt_rand(), TRUE));
$_SESSION['hashed_token'] = $hashed_token;
echo '<br />==========================<br />';
echo '<br />BEFORE PRESSING SUBMIT<br />';
echo '<br />==========================<br />';
echo '<br />Value of $_SESSION["hashed_token"] = '.$hashed_token.'<br />';
?>
<form action="" method="POST">
<input type="hidden" name="input1" value="<?php echo $hashed_token; ?>" />
<p><input type="submit" name="submit" /></p>
</form>
</body>
</html>
In this script i have 1 custom function:
a) secure_session_start()
function secure_session_start(){
//Set a custom session name
$session_name = 'TESTSESSID';
ini_set('session.use_only_cookies', 1);
ini_set('session.entropy_file', '/dev/urandom');
if (in_array('sha512', hash_algos())) {
ini_set('session.hash_function', 'sha256');
}
ini_set('session.use_trans_sid', 0);
ini_set('session.hash_bits_per_character', 5);
ini_set('session.cookie_secure', 1);
$secure = TRUE;
$httponly = TRUE;
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name);
ini_set("session.save_path", "/home/SESSIONS");
session_start();
}
The procedure goes as follows:
FIRST COMMUNICATION WITH THE SERVER:
The superglobal variable $_SESSION['hashed_token'] is assigned the random hash value, which is then passed to the hidden input field. I then echo it.
RESULT:
==========================BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc SECOND COMMUNICATION WITH THE SERVER: The user press the submit button, the script then checks if the submit button is pressed, and gets in the if statement(because is TRUE). Then i collect the $_POST and $_SESSION values and echo them. New random hash is assigned to the $_SESSION superglobal variable. RESULT: ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = 93438a1b9b72085ce9430291acebdc4cfdee9d001b91a26207aebc22e04689fc Value of $_SESSION["hashed_token"] = 8f176aeb3a09a1b30e0ea862c78625d7c11743da933d366cface3fa238388e57 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = c3442382b146f03394ad86911018247c57fa19d4a653d0bf6bb9bc7506e88ca0 For me this is very weird. The random hash is assigned to the $_SESSION variable, but when i try to call it after the submit is pressed its giving me a complete different value. If i remove the function secure_session_start() and just use session_start() it works: RESULT (using session_start() ) ========================== AFTER PRESSING SUBMIT ========================== Value of $_POST["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 Value of $_SESSION["hashed_token"] = a5eaaaa38c428af623a599e664ea9c64a2ff0674e18e9250c54e52bbc586b614 ========================== BEFORE PRESSING SUBMIT ========================== Value of $_SESSION["hashed_token"] = e2d4acc239a747217860d71a80553abd41142dbeb8f6fafab511caff8a081fc4 Any ideas why this is happening? The problem is inside the secure_session_start() function but i cant find out why. Also, when i use the secure_session_start() function and more specifically the ini_set("session.save_path", "/home/SESSIONS"); i am forcing the session to be stored inside the /home/SESSIONS folder. But when i only use the session_start() the session i still gets stored inside that path. I checked my .htaccess and there is nothing storing the sessions in that folder. Why is that? One last thing: When using FIREBUG-->Cookies is see 2 names: the custom one (TESTSESSID) and PHPSESSID(which is the default). Shouldnt i only see the custom session name only? Thanks in advance. Record set has 2 text fields in the form which is set in a full repeat recordset browse. So, we get a long list of every record in the database. However, I want to be able to click on a single record and make another page appear. I can do this if the display is set as a table without using a text field form -- just the record variable and using a hyperlink. But, I want to use the text field. Wrapping the form only gets me the value of the last record displayed. Help would be appreciated. |
|||||||