Simple coding help?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

duality129
Forum Newbie
Posts: 1
Joined: Sun Feb 12, 2012 4:18 pm

Simple coding help?

Post by duality129 »

Hey guys X) another PHP noob is looking for a bit of help!

The concept: I want to set up a website that is a series of riddles. From the start page, you have to enter a set password to get to the next page, which will have a different riddle, and a different password.

A couple of the pages:

Code:

<p> To continue, you must know. </p>

<form action="/answer.php" method="post">
 <input type="text" maxlength="22" name="key" />
 <input type="hidden" name="correctkey" value="ANSWER HERE" />
 <input type="hidden" name="page" value="NAME OF CURRENT PAGE.PHP" />
 <input type="hidden" name="nextpage" value="NAME OF NEXT PAGE.PHP" />
 <input type="submit" value="GO" />
</form>

The above is just a quick excerpt, but the rest of the page is text and formatting.

answer.php is:

Code:

<html>
<?php
$key = $_POST['key'];
$correctkey = $_POST['correctkey'];
$page = $_POST['page'];
$nextpage = $_POST['nextpage'];

if ($key==$correctkey)
  header ("Location: $nextpage"); 
else
  header ("Location: $page");
?>
</html>

Functionally, it's really simple. But the problem I'm facing is in keeping the passwords for each page out of the source. I've been able to make the site behave as expected, but I can't seem to keep the passwords away from the watchful eyes of Google Chrome's 'inspect element' function, even if I Include() the form code instead. Maybe I didn't use it right? :?:
In actuality, it isn't a huge matter of security, but I would really appreciate it if I could make it so that you couldn't just right-click the page and find out the answers! XP
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Simple coding help?

Post by califdon »

The user will always be able to see the HTML in the source view, so you don't want to use that for storing anything you don't want the user to see, regardless of any PHP techniques, since that's all done before the page is sent to the browser. This is a job for Session variables. Read up on them: http://www.php.net/manual/en/book.session.php (the official explanation) and/or http://www.w3schools.com/php/php_sessions.asp (tutorial, easier to read).
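
One way to apply the session approach described in the reply above, as an added example that is not part of the original thread: answer.php keeps the answers and page names in a server-side array and the player's progress in $_SESSION, so the form needs only the "key" field and the submit button. The riddle answers, the page names, and the names RIDDLES, is_correct and 'level' are assumptions made up for illustration.

```php
<?php
// answer.php (added example; answers and page names are constructed placeholders)
declare(strict_types=1);
session_start();

// Riddle number => page that shows it and the expected answer.
// This array stays on the server and is never echoed into the HTML.
const RIDDLES = [
    1 => ['page' => 'riddle1.php', 'answer' => 'placeholder-one'],
    2 => ['page' => 'riddle2.php', 'answer' => 'placeholder-two'],
    3 => ['page' => 'finish.php',  'answer' => null], // final page, nothing to solve
];

// True when $submitted solves riddle $level. hash_equals() compares in
// constant time and, unlike ==, does no type juggling.
function is_correct(int $level, $submitted): bool
{
    $expected = RIDDLES[$level]['answer'] ?? null;
    if ($expected === null || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, strtolower(trim($submitted)));
}

// Progress is read from the session, not from hidden form fields.
$level = $_SESSION['level'] ?? 1;
if (!is_int($level) || !array_key_exists($level, RIDDLES)) {
    $level = 1;
}

if (is_correct($level, $_POST['key'] ?? '')) {
    $level++;
    $_SESSION['level'] = $level;
}

// The redirect target is looked up on the server; the client no longer
// supplies "page" or "nextpage", so it cannot choose where it is sent.
header('Location: /' . RIDDLES[$level]['page']);
exit;
```

Each riddle page would also call session_start() and compare its own number with $_SESSION['level'] before rendering, so a later page cannot be reached by typing its URL.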
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Simple coding help?

Post by Mordred »

Also, an easier way would be to use a bit of JavaScript to send the user to <password>.html which is the next level of the game.