having a form

There is a particular technique I use with my forms to make sure that when a form is being processed the form submission being processed came from that instance of the form. Each form holds a timestamp in a hidden form field variable. This timestamp will also be stored in a session variable. When, the form is being processed the script will make sure the form field and session timestamps match. The reason I use this technique has to do with anomalies my app has experienced when a user tries to run multiple instances of the same script in their browser and hops from one to the other. Besides this technique which I just pointed out you can see how I use forms in my scripts by looking at the examples shown here.

See the post: ingredients of form submitToken code.

Presenting a Form

function getFileInfoForm() {
  $submitToken = time();
  $_SESSION['EKA_submitToken'] = $submitToken;

  site_header('Edit Knowledge Article');
  $php_self = $_SERVER['PHP_SELF'];
  $page_str = <<<EOPAGESTR

<p>A knowledge article is a PHP script which generates a simple HTML
page for display. Only certain HTML entities arranged in specific
ways are allowed on this kind of page. The script you are looking
at right now is an editor for a knowledge article. It edits the
HTML of a KA.</p>

<form action="$php_self" method="post" class="loginform">
  <fieldset>
  <legend>Specify</legend>
  <div>
    <label for="scriptFileName" class="fixedwidth">File Name</label>
    <input type="text" name="scriptFileName" id="scriptFileName" value="" size="36" maxlength="36"/>
  </div>
  <div>
    <label for="scriptFileDir" class="fixedwidth">Directory Path</label>
    <input type="text" name="scriptFileDir" id="scriptFileDir" value="" size="36" maxlength="90"/>
  </div>
  <div>
    <input type="hidden" name="submitToken" value="$submitToken">
  </div>
  <div class="buttonarea">
    <input type="submit" name="cancel" value="Cancel"/>
    <input type="submit" name="submit" value="Submit"/>
  </div>
  </fieldset>
</form>

EOPAGESTR;
  echo $page_str;
  site_footer();
  return;
}

Processing a Form

function procFileInfoForm() {
  if (isset($_POST['submitToken'])) {
    $submitToken = $_POST['submitToken'];
  } else {
    $submitToken = "";
  }
  if ($submitToken != $_SESSION['EKA_submitToken']) {
    form_destroy();
    $host = $_SERVER['HTTP_HOST'];
    $uri = $_SERVER['PHP_SELF'];
    header("Location: http://$host$uri");
    exit;
  }

  if (isset($_POST['scriptFileName'])) {
    $scriptFileName = $_POST['scriptFileName'];
  } else {
    $scriptFileName = "";
  }
  if (isset($_POST['scriptFileDir'])) {
    $scriptFileDir = $_POST['scriptFileDir'];
  } else {
    $scriptFileDir = "";
  }

  if ( get_magic_quotes_gpc() ) {
    $scriptFileName = stripslashes($scriptFileName);
    $scriptFileDir = stripslashes($scriptFileDir);
  }

  $scriptFileName = trim($scriptFileName);
  $scriptFileDir = trim($scriptFileDir);

  /*
  Validate the scriptFileName by making sure:
    1. It's not too long.
    2. It's not too short.
  */
  $length = strlen($scriptFileName);
  if ($length > 36 OR $length < 1) {
    form_destroy();
    die('Problem with string length. Err 9899986988. -Programmer.');
  }
  /*
  Validate the scriptFileDir by making sure:
    1. It's not too long or short.
    2. It starts with a '/' and ends with a '/'.
  */
  $length = strlen($scriptFileDir);
  if ($length > 90 OR $length < 1) {
    form_destroy();
    die('Problem with string length. Err 3643348226. -Programmer.');
  }
  $beginning = strpos($scriptFileDir, '/');
  $temp = strrpos($scriptFileDir, '/');
  $length = strlen($scriptFileDir);
  $end =  $temp - ($length - 1);

  if ($beginning !== 0 OR $end !== 0) {
    form_destroy();
    die("The path string does not start and end with a '/' (2087). -Programmer.");
  }

  // EXPORTING
  $_SESSION['EKA_scriptFileName'] = $scriptFileName;
  $_SESSION['EKA_scriptFileDir'] = $scriptFileDir;

  return;
}
Advertisements

About samehramzylabib

See About on https://samehramzylabib.wordpress.com
This entry was posted in PHP Form Processing, PHP Script Writing and tagged , , , . Bookmark the permalink.

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s