
Stop those naughty people.....anyone any ideas.

Posted: Thu May 09, 2002 6:45 am
by sillywilly
I have an online questionnaire @

http://www.lanenuff.com/questionnaire/g ... e_test.php

I am using the switch function to allow the user to be taken through the questions/sections in a logical fashion, from one section to the next. This is done by passing through a hidden variable that tells the switch which question/section needs to be displayed.

I have discovered that this whole process can be bypassed using the following:

http://www.lanenuff.com/questionnaire/g ... hp?stage=4

I want to be able to stop people from accessing the sections by using a URL to pass the stage. I only want people to be able to proceed through the questionnaire using the submit buttons.

Does anyone have any ideas coding-wise?

Posted: Thu May 09, 2002 7:19 am
by samscripts
Hi, you could check that the $stage value comes from $HTTP_POST_VARS["stage"] - if it comes from the form it will be set. If it comes from the querystring, it won't.

You can check if it is from the querystring (i.e. naughty user :D ) by checking if $HTTP_GET_VARS["stage"] is set.

Note that if you use $HTTP_*_VARS[] in a function you have to declare them global.

Hope this helps,

sam

Posted: Thu May 09, 2002 7:27 am
by twigletmac
If you're using a newer version of PHP, 4.1.0 up (IIRC) then you can use the $_POST and $_GET arrays instead of the $HTTP_*_VARS ones. So you would check $_POST['stage'] to check that the result was from the form.

These arrays are autoglobals so do not have to be registered as globals. There's a whole bunch of autoglobal variables: http://www.php.net/manual/fi/reserved.variables.php

Mac

Posted: Fri May 10, 2002 7:14 am
by dethron
Thanks all, guys.

This is a good question answered by good answers.

What about using a session instead of posting data? We can add this new value as a session variable, and so we are able to control the user's actions powerfully.

Thanks all :)
I LOVE PHP
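
The session approach suggested above, as an added example that is not part of the original thread: the current stage is stored server-side in the session, so a `stage` value in the URL or in a hidden field cannot select a section. It assumes PHP 7 or later; `TOTAL_STAGES`, `next_stage()` and the `token` field are hypothetical names.

```php
<?php
// Added example, not code from the thread. TOTAL_STAGES, next_stage() and
// the "token" field are hypothetical names chosen for illustration.
const TOTAL_STAGES = 5; // assumed number of questionnaire sections

/**
 * Decide which stage to display. The session holds the real stage; the
 * client-supplied "stage" is only a claim about which form was submitted.
 */
function next_stage(array &$session, string $method, array $post): int
{
    $current = $session['stage'] ?? 1;
    $claimed = $post['stage'] ?? null;
    $token   = $post['token'] ?? null;

    // Advance only on a POST of the form the server last rendered:
    // the stage must match and the one-time token must be the issued one.
    if ($method === 'POST'
        && is_string($claimed) && is_string($token)
        && isset($session['token'])
        && $claimed === (string) $current
        && hash_equals($session['token'], $token)
        && $current < TOTAL_STAGES) {
        $current++;
    }

    // Issue a fresh token for the form about to be rendered.
    $session['token'] = bin2hex(random_bytes(16));
    $session['stage'] = $current;
    return $current;
}

session_start();
// $_GET is never consulted, so ?stage=4 just redisplays the current section.
$stage = next_stage($_SESSION, $_SERVER['REQUEST_METHOD'], $_POST);
$token = htmlspecialchars($_SESSION['token'], ENT_QUOTES);
?>
<form method="post">
  <h2>Section <?= $stage ?> of <?= TOTAL_STAGES ?></h2>
  <!-- the questions for this section are chosen with switch ($stage) -->
  <input type="hidden" name="stage" value="<?= $stage ?>">
  <input type="hidden" name="token" value="<?= $token ?>">
  <input type="submit" value="Next">
</form>
```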

Posted: Fri May 10, 2002 2:16 pm
by hob_goblin
I found a small bug: in section 2, about multiplayer games, you can select more than one option with the radio buttons... for instance

2.1. Because of the team aspect of multiplayer gaming.

Yes definitely
Probably
Possibly
No


The "yes definitely" is under a different name, so you could check more than one... I don't know if you planned this... but it looks like a bug.