Mystery form fields
Posted: Sat Feb 13, 2010 11:59 pm
I have said generated page of various php files.
Source:
The <form name='createAlert' action='?a=createAlert' method='post'> is where things get interesting.
You can see when the form is submitted, there should only be 4 fields in $_POST:
title,message,endDate,createAlertAuth
Here is the mysterious part, on the page after being submitted i am receiving 2 extra form fields being submitted.
(Source for ?a=createAlert):
Output of the var_dump($_POST);
Now if you didn't spot the problem, you will notice there are the 2 extra fields (username, password). These 2 fields don't occur anywhere on the page where the information is being submitted from, nor should the file where these 2 fields are located be included and the fact that there is a logout form in place of where the login form would appear if the user is not logged in, proves that the login form is not being included.
Could someone possibly point me in the direction where these fields are even coming from??
Source:
Code: Select all
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta name="Description" content="Information architecture, Web Design, Web Standards." /> <meta name="Keywords" content="your, keywords" /> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link type="text/css" rel="stylesheet" href="./images/Envision.css" /> <link type="text/css" rel="stylesheet" href="./inc/js/theme/ui-lightness/jquery-ui.css" media="all" /> <link type="text/css" rel="stylesheet" href="./inc/js/theme/ui-lightness/ui.datepicker.css" media="all" /> <script type="text/javascript" src="./inc/js/jquery.js"></script> <script type="text/javascript" src="./inc/js/jquery.ui.core.js"></script> <script type="text/javascript" src="./inc/js/jquery.ui.datepicker.js"></script> <script type="text/javascript" src="./inc/js/showhide.js"></script> <title>WeiryNet</title> <style type="text/css"> .showhide{position:absolute;margin-top:2px;margin-left:485px} .title{position:absolute;margin-left:5px;margin-top:5px;font-weight:bold} .header{background:#edfdce;width:100%;height:25px;} .header2{background:#fdcece;width:100%;height:25px;} .container{position:absolute;width:500px;height:400px;overflow:auto;} #postFont{padding-left:10px;padding-right:10px;padding-bottom:10px;font-family:Verdana;font-size:12px;} .paragraph1{margin-left:15px;margin-right:15px;margin-top:5px;} .paragraph2{margin-left:15px;margin-right:15px;margin-top:5px;} .paragraph3{margin-left:15px;margin-right:15px;margin-top:5px;} </style> </head><!-- Head data ends here --> <body> <!-- wrap starts here --> <div id="wrap"> <!--header --> <div id="header"> <h1 id="logo-text"><a href="./">maintenance</a></h1> <p id="slogan">maintenance for your business...</p> <div id="header-links"> <form action="#" method="get" class="searchform" > <p> <a href="./">Home</a> | <a href="./">Contact</a> | <a href="./">Site Map</a> </p> </form> </div> </div> <!-- menu --> <div id="menu"> <ul> <li id="current"><a href="./">Home</a></li> <li><a href="./">Support</a></li> <li class="last"><a href="./">About</a></li> </ul> </div> <!-- end header --> <!-- alerts --> <div id='alerts'> <p><a href='?p=alerts'> <strong>ALERT: A vaccine for YOU GOT AIDS has been found</strong> </a></p> <!-- alerts end here --> </div> <!-- content-wrap starts here --> <div id="content-wrap"> <!-- Start the sidebar --> <div id="sidebar"> <h4>User Options</h4> <form name="logoutForm" action="tpl/logout.php" method="post" class="loginform"> <ul class="sidemenu"> <li><a href='./?a=acp'>Admin Control Panel</a></li> <li><a href='./?a=createAlert'>Create New Alert</a></li> <li>Your Jobs</li> <li>Recent Job Updates</li> <li><input name="loginAuth" class="button" value="Logout" type="submit" /></li> </ul> </form> <h3>Sidebar Menu</h3> <ul class="sidemenu"> <li><a href="index.html">Home</a></li> <li><a href="#TemplateInfo">Contact</a></li> <li><a href="#TemplateInfo">Site Map</a></li> </ul> <h3>Support Styleshout</h3> <div class="left-box"> <p>This is a textbox on the right hand side of the page</p> </div> </div> <!-- End the sidebar --> <div id="main"> <h2>Create a new alert</h2> <script type='text/javascript'> $(function() { $('#datepicker').datepicker(); }); </script> <form name='createAlert' action='?a=createAlert' method='post'> <p> Title:<br/><input type='text' name='title' size='50'/><br/><br/> Message:</br><textarea name='message' cols='50' rows='15'></textarea><br/> Alert End Date:<br/><input type='text' name='endDate' id='datepicker'><br/><br/> <input type='submit' name='createAlertAuth' value='Submit'/> </p> </form> </div> <!-- content-wrap ends here --> </div> <!--footer starts here--> <div id="footer"> <p> © 2009 <strong>WeiryNet</strong> | Design by: <a href="http://www.styleshout.com/">styleshout</a> | Valid <a href="http://validator.w3.org/check?uri=referer">XHTML</a> | <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> <a href="index.html">Home</a> | <a href="index.html">Sitemap</a> | <a href="index.html">RSS Feed</a> </p> </div> <!-- wrap ends here --> </div> </body> </html>You can see when the form is submitted, there should only be 4 fields in $_POST:
title,message,endDate,createAlertAuth
Here is the mysterious part, on the page after being submitted i am receiving 2 extra form fields being submitted.
(Source for ?a=createAlert):
Code: Select all
<?php
if($session->isAdmin()){
if(!isset($_POST['createAlertAuth'])){
$alerts->displayCreateAlertsForm();
}else{
$userID = $_SESSION['userData']['userID'];
$title = mysql_real_escape_string($_POST['title']);
$title = mysql_real_escape_string($_POST['message']);
$title = mysql_real_escape_string($_POST['endDate']);
var_dump($_POST);
//$alerts->createAlert($userID,$title,$message,$endDate);
}
}
?>Code: Select all
array(6) {
["title"]=> string(4) "Test"
["message"]=> string(12) "Test message"
["endDate"]=> string(10) "02/20/2010"
["createAlertAuth"]=> string(6) "Submit"
["username"]=> string(0) ""
["password"]=> string(0) ""
}Could someone possibly point me in the direction where these fields are even coming from??