Navigation / Backbone script for a web app.

Posted: Thu Jan 17, 2008 4:53 pm
by jeffrydell
I'm a self-taught php 'scripter' who can't get his head around OOP. I feel like the train has left the station. That said, I hope you can offer me some ideas on how to accomplish the task before me.

I'm offering a web based service that accepts registrations ... the usual name, address, phone etc., then a lot of very specific information relating to the games an individual likes to play and what level they are at.

The process takes 13 forms from start to finish, more if they want to enter an event multiple times (loops back through 6 or 7 steps).

Basically each step has a script which looks up default values in the MySQL db, if none exist it places blanks in a $_SESSION array then places the form on the screen. A processing script validates the $_POST values and either throws an error message (going back to the same form) or stores everything in an Array, then sends the user on to the next step where it all starts over.

My issue is with controlling the 'flow'. Getting the user reliably from one step to another. I can handle just about anything when the user clicks on the controls I provide, but when they start navigating via their browser's buttons or History ... stuff falls apart really quickly.

What to do? I need to learn the best way to structure a multi-form 'interview process' - but don't know what I need to learn. Alternatively, is there a feature-rich development tool which doesn't take 6 months to learn (I know that's an oxymoron) which might help me build a backbone script to tie this all together ... OR ... is there someone here who would be willing to mentor me and work with me to develop this application clean & tight? I'd be willing to pay for that.

Any input you can provide would be GREATLY appreciated. I've been at this for 9 months and have a lot of good pieces in place ... just need to tie those pieces all together. Thanks in advance for your help.

Jeff

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 1:40 am
by matthijs
Maybe there's some helpful info in this article.

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 2:15 am
by VladSun
I would use a serialized state variable passed by POST ... Thus the user will have real "back-forward" navigation which is hard to achieve when using session variables.
To ensure that the user hasn't changed anything after the validation step use a HMAC field.

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 7:45 am
by jeffrydell
matthijs wrote: Maybe there's some helpful info in this article.
Extremely well written and helpful. I'm not sure I grasp all the concepts yet - but certainly a step in the right direction.

Thanks!

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 7:52 am
by jeffrydell
VladSun wrote: I would use a serialized state variable passed by POST

VladSun,

Thanks for the reply!

You used a couple of terms that are way beyond me here, so I'm going to try to clarify.

My guess is that a serialized state variable would be something like <input type="hidden" name="step" value="3"> included in the third form?

I Googled HMAC field and found many references to it, but no explanation of what it is. Would you please shed some light on that?

Jeff

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 8:09 am
by VladSun
Every step (except the first one) of the wizard has this code in:

Code:

<?php
$my_secret_key = 'jdnf89fjashfastaehfdbsgf8aes';

// Refuse to continue if the state does not match the fingerprint issued with it
if (hmac($_POST['state'], $my_secret_key) !== $_POST['hmac']) die ('Hacking attempt!');
$state = unserialize(base64_decode($_POST['state']));
// .......
// -> validation of $_POST
// ........
$state['field_name1']  = $_POST['field_name1'];
$state['field_name2']  = $_POST['field_name2'];
// ........

// Re-encode the updated state and sign it again for the next step
$encoded_state = base64_encode(serialize($state));
echo "<form action='next_step.php' method='post'>
<input type='hidden' name='state' value='". $encoded_state ."'>
<input type='hidden' name='hmac' value='". hmac($encoded_state, $my_secret_key) ."'>";

hmac function:

Code:

function hmac($data, $passwd, $algo = 'sha1')
{
   /* md5 and sha1 only */
   $algo = strtolower($algo);
   $p = array('md5'=>'H32','sha1'=>'H40');

   // Keys longer than the 64-byte block are hashed first; shorter keys are zero-padded
   if(strlen($passwd) > 64) $passwd=pack($p[$algo], $algo($passwd));
   if(strlen($passwd) < 64) $passwd=str_pad($passwd, 64, chr(0));

   // Inner and outer padded keys
   $ipad = substr($passwd, 0, 64) ^ str_repeat(chr(0x36), 64);
   $opad = substr($passwd, 0, 64) ^ str_repeat(chr(0x5C), 64);

   // H(opad . H(ipad . data)); the inner digest is converted from hex to raw bytes
   return($algo($opad.pack($p[$algo], $algo($ipad.$data))));
}

It's much better to have a State class with all the methods you need (hmac, import, export, SQL_save etc.), but you can use simply an array for the state variable.

HMAC simply makes a "fingerprint" of your data by using a secret key - so if someone modifies it the fingerprints would not match and you will know there is something wrong.

PS: Another issue solved by using $state is that you have all the data you need before any SQL insert operations.
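
A variant of the signed-state approach from the post above, as an added example that is not VladSun's code: it uses PHP's built-in hash_hmac() with SHA-256, compares MACs with hash_equals() (constant time), encodes the state as JSON instead of serialize(), and records which step the token was issued for. The function names, the `step` field and the demo key are assumptions made for illustration.

```php
<?php
// Added example. export_state/import_state and the 'step' field are hypothetical names.

// Encode the wizard state as JSON and sign it with HMAC-SHA256.
function export_state(array $state, string $key): string
{
    $payload = base64_encode(json_encode($state));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the state array, or null if the token is malformed, was modified,
// or was issued for a different step than the one being processed.
function import_state($token, string $key, int $expectedStep): ?array
{
    // "." never occurs in base64 or hex, so it is a safe separator
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return null;
    }
    list($payload, $mac) = explode('.', $token);
    // Verify the MAC before decoding anything
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $state = json_decode(base64_decode($payload, true), true);
    if (!is_array($state) || ($state['step'] ?? null) !== $expectedStep) {
        return null;
    }
    return $state;
}

// Constructed demo values
$key   = 'demo-key-keep-the-real-one-outside-the-web-root';
$token = export_state(['step' => 3, 'name' => 'Jeff'], $key);

// Unmodified token presented at the step it was issued for
var_dump(import_state($token, $key, 3));
// Same token replayed at a different step
var_dump(import_state($token, $key, 5));
// Payload swapped while the old MAC is kept
$forged = base64_encode(json_encode(['step' => 3, 'name' => 'Mallory']));
var_dump(import_state($forged . substr($token, strpos($token, '.')), $key, 3));
```

The HMAC only detects modification; the state itself stays readable by the user, so nothing secret belongs in it.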

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 8:22 am
by jeffrydell
Yeah, like I said at the start of my original post ...

I'm a self-taught php 'scripter' who can't get his head around OOP.

I'm simply not at the level of understanding to be able to grasp what you apparently use on a very fluent and regular basis. I've made it past echo 'Hello World!'; but I'm not quite up to being able to understand / use / develop around the code you've posted.

I'm sure it would work quite well and thank you for your time ... It's just more than I can handle.

Re: Navigation / Backbone script for a web app.

Posted: Fri Jan 18, 2008 8:33 am
by VladSun
jeffrydell wrote: I'm sure it would work quite well and thank you for your time ... It's just more than I can handle.
It's not so hard - try it :)

PS: I've edited the script above - there was an error in it :)