I have an online questionnire @
http://www.lanenuff.com/questionnaire/g ... e_test.php
I am using the switch function to allow the user to be taken through the questions/sections in a logical fashion, from one section to the next. This is done through passing through a hidden variable that tells the switch which question/section that needs to be displayed.
I have discovered that this whole process can be bypassed using the following:
http://www.lanenuff.com/questionnaire/g ... hp?stage=4
I want to be able to stop people from accessing the sections via using a url to pass the stage. I only want people to be able to proceed through the questionnaire using the submit buttons.
Does anyone have any ideas coding wise?
Stop those naughty people.....anyone any ideas.
Moderator: General Moderators
-
sillywilly
- Forum Newbie
- Posts: 19
- Joined: Thu May 02, 2002 5:11 pm
-
samscripts
- Forum Commoner
- Posts: 57
- Joined: Tue Apr 23, 2002 4:34 pm
- Location: London, UK
hi, you could check that the $stage value comes from $HTTP_POST_VARS["stage"] - if it comes from the form it will be set. If it comes from the querystring, it won't.
You can check if it is from the querystring (ie naughty user
) by checking if $HTTP_GET_VARS["stage"] is set.
Note that if you use $HTTP_*_VARS[] in a function you have to declare them global
hope this helps,
sam
You can check if it is from the querystring (ie naughty user
Note that if you use $HTTP_*_VARS[] in a function you have to declare them global
hope this helps,
sam
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
If you're using a newer version of PHP, 4.1.0 up (IIRC) then you can use the $_POST and $_GET arrays instead of the $HTTP_*_VARS ones. So you would check $_POST['stage'] to check that the result was from the form.
These arrays are autoglobals so do not have to be registered as globals. There's a whole bunch of autoglobal variables: http://www.php.net/manual/fi/reserved.variables.php
Mac
These arrays are autoglobals so do not have to be registered as globals. There's a whole bunch of autoglobal variables: http://www.php.net/manual/fi/reserved.variables.php
Mac
- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
i found a small bug, in section 2, about multiplayer games, you can select more than one option with the radio buttons ...for instance
2.1. Because of the team aspect of multiplayer gaming.
Yes definitely
Probably
Possibly
No
the "yes definitely" is under a different name so hence you could check more than one....i dont know if you planned this...but it looks like a bug
2.1. Because of the team aspect of multiplayer gaming.
Yes definitely
Probably
Possibly
No
the "yes definitely" is under a different name so hence you could check more than one....i dont know if you planned this...but it looks like a bug