ingredients of form submitToken code

In the function form_destroy put:

  $_SESSION['PREPEND_submitToken'] = "";

In the function that produces the form put:

  // Manage protection from aborted forms, since the code uses sessions.
  // In other words, the code which validates the values received from a
  // submitted form needs to know that it is not executing after the user
  // has come back after a previously abandoned instance of the script
  // (another possibility is that the user may have attempted to run two
  // instances of the script).
  $submitToken = time();
  $_SESSION['PREPEND_submitToken'] = $submitToken;

and (in the form) put:

    <input type="hidden" name="submitToken" value="$submitToken">

In the function that validates put:

  // Handle the situation where we have arrived here as a result of the user
  // wandering back to the script after giving up in the middle of running it
  // earlier when presented with a form (or running multiple instances).
  if (isset($_POST['submitToken'])) {
    $submitToken = $_POST['submitToken'];
  } else {
    $submitToken = "";
  }
  if ($submitToken != $_SESSION['PREPEND_submitToken']) {
    $host = $_SERVER['HTTP_HOST'];
    $uri = $_SERVER['PHP_SELF'];
    header("Location: http://$host$uri");
    exit; // stop here so the stale submission is not processed after the redirect
  }
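
The same issue, embed and validate steps as one self-contained script. This is an added example, not code from the original post: the function names issue_submit_token and check_submit_token are hypothetical, plain arrays stand in for $_SESSION and $_POST so it runs from the command line, and it assumes a random token from random_bytes() in place of time(), which also lets it reject a request with no token after the session token has been cleared.

```php
<?php
// Added example; function names are hypothetical. $session and $post stand
// in for $_SESSION and $_POST so the script runs from the command line.
const TOKEN_KEY = 'PREPEND_submitToken';

// Form producer: store a fresh token and return it for the hidden field.
function issue_submit_token(array &$session): string
{
    // Assumption: random_bytes() replaces the post's time(), which is guessable.
    $token = bin2hex(random_bytes(16));
    $session[TOKEN_KEY] = $token;
    return $token;
}

// Validator: accept only the token of the most recently produced form, once.
function check_submit_token(array &$session, array $post): bool
{
    $expected  = $session[TOKEN_KEY] ?? '';
    $submitted = $post['submitToken'] ?? '';
    $session[TOKEN_KEY] = '';   // same reset as form_destroy: single use
    // A cleared or missing session token must not match a request that
    // carries no token; a non-string value (submitToken[]=x) is rejected.
    if ($expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

// Constructed walk-through of the cases the post describes.
$session = [];
$abandoned = issue_submit_token($session);   // form shown, user wanders off
$current   = issue_submit_token($session);   // form shown again later
echo '<input type="hidden" name="submitToken" value="'
    . htmlspecialchars($current, ENT_QUOTES) . '">' . PHP_EOL;

$cases = [
    'current form'        => ['submitToken' => $current],
    'same token replayed' => ['submitToken' => $current],
    'no token at all'     => [],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', check_submit_token($session, $post) ? 'accept' : 'redirect', PHP_EOL;
}

$session = [];
issue_submit_token($session);
$stale = ['submitToken' => $abandoned];   // token from the abandoned form
echo 'abandoned form: ', check_submit_token($session, $stale) ? 'accept' : 'redirect', PHP_EOL;
```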

About samehramzylabib
