Stop those naughty people.....anyone any ideas.

sillywilly
Forum Newbie
Posts: 19
Joined: Thu May 02, 2002 5:11 pm

Post by sillywilly »

I have an online questionnaire @

http://www.lanenuff.com/questionnaire/g ... e_test.php

I am using the switch function to allow the user to be taken through the questions/sections in a logical fashion, from one section to the next. This is done by passing through a hidden variable that tells the switch which question/section needs to be displayed.

I have discovered that this whole process can be bypassed using the following:

http://www.lanenuff.com/questionnaire/g ... hp?stage=4

I want to be able to stop people from accessing the sections by using a URL to pass the stage. I only want people to be able to proceed through the questionnaire using the submit buttons.

Does anyone have any ideas coding wise?
samscripts
Forum Commoner
Posts: 57
Joined: Tue Apr 23, 2002 4:34 pm
Location: London, UK

Post by samscripts »

hi, you could check that the $stage value comes from $HTTP_POST_VARS["stage"] - if it comes from the form it will be set. If it comes from the querystring, it won't.

You can check if it is from the querystring (ie naughty user :D ) by checking if $HTTP_GET_VARS["stage"] is set.

Note that if you use $HTTP_*_VARS[] in a function you have to declare them global.

hope this helps,

sam
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

If you're using a newer version of PHP, 4.1.0 up (IIRC) then you can use the $_POST and $_GET arrays instead of the $HTTP_*_VARS ones. So you would check $_POST['stage'] to check that the result was from the form.

These arrays are autoglobals so do not have to be registered as globals. There's a whole bunch of autoglobal variables: http://www.php.net/manual/fi/reserved.variables.php

Mac
dethron
Forum Contributor
Posts: 370
Joined: Sat Apr 27, 2002 11:39 am
Location: Istanbul

Post by dethron »

Thanx all, guys.

This is a good question answered by good answers.

What about using a session instead of posting data? We can add this new value as a session variable, and so we are able to control the user's actions powerfully.

Thanks all :)
I LOVE PHP
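
The session idea raised above, sketched as an added example (not code from the thread or from the questionnaire itself): the server keeps the authoritative stage in `$_SESSION`, and a request only advances it when it is a POST whose hidden `stage` field matches the stage the server last served. It assumes PHP 7 or later; `LAST_STAGE`, `next_stage()` and the form markup are hypothetical names chosen for illustration.

```php
<?php
// Added example: the stage lives in the session, not in the request.
// LAST_STAGE and next_stage() are hypothetical names, not from the thread.
session_start();

const LAST_STAGE = 5; // assumed number of sections in the questionnaire

/**
 * Return the stage to display. The value in the session is authoritative;
 * the submitted hidden field is accepted only when it agrees with it.
 */
function next_stage(array &$session, string $method, array $post): int
{
    $current = $session['stage'] ?? 1;

    // A GET request (including ?stage=4) never moves the user forward.
    if ($method !== 'POST') {
        return $current;
    }

    // The hidden field must name the stage the server last served.
    // Missing, non-numeric or array values make filter_var() return false.
    $submitted = filter_var($post['stage'] ?? null, FILTER_VALIDATE_INT);
    if ($submitted !== $current) {
        return $current;
    }

    // Validate and store this stage's answers here, then advance one step.
    $next = min($current + 1, LAST_STAGE);
    $session['stage'] = $next;
    return $next;
}

$stage = next_stage($_SESSION, $_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);

// The questionnaire's existing switch ($stage) { ... } would go here;
// a single generic form stands in for the per-section output.
printf(
    '<form method="post"><input type="hidden" name="stage" value="%d">'
    . '<p>Section %d of %d</p><input type="submit" value="Next"></form>',
    $stage,
    $stage,
    LAST_STAGE
);
```

Because a resubmitted or replayed POST carries a stage number that no longer matches the session, refreshing the page or editing the hidden field leaves the user on the stage the server expects.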
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm

Post by hob_goblin »

I found a small bug: in section 2, about multiplayer games, you can select more than one option with the radio buttons... for instance

2.1. Because of the team aspect of multiplayer gaming.

Yes definitely
Probably
Possibly
No


The "yes definitely" is under a different name, so you could check more than one... I don't know if you planned this, but it looks like a bug.