php - Protect form with session token -


i wrote script protect form session token; script not work if try validate form fields before checking token. me figure out wrong script please?

<?php           session_start();           class token {             public static function generate() {               return $_session['token'] = base64_encode(openssl_random_pseudo_bytes(15));             }             public static function check($token) {               if (isset($_session['token']) && $token === $_session['token']) {                 unset($_session['token']);                 return true;               }               return false;             }           }         ?>         <?php           $display_form = false;           if (isset($_post['submit'])) {             $username = $_post['username'];             $userpass = $_post['userpass'];              if (strlen($username) < 4) {               $error_name = 'required';               $display_form = true;               $validation_error = true;             }             if (strlen($userpass) < 8) {               $error_pass = 'required';               $display_form = true;               $validation_error = true;             }             if (!$validation_error) {               if (token::check($_post['token'])) {                 echo 'process form';               } else {                 echo 'invalid security token';               }             }           } else {             $display_form = true;           }         ?>         <!doctype html>         <html lang="en">         <head>           <meta charset="utf-8">           <title>title</title>         </head>         <body>         <?php           if ($display_form == true) {         ?>         <form method="post" action="<?php echo htmlspecialchars($_server['request_uri']); ?>">           <input type="hidden" name="token" value="<?php echo token::generate(); ?>">           <input type="text" name="username" id="" placeholder="username">           <?php echo $error_name; ?>           <br>           <input type="password" name="userpass" id="" placeholder="password">           <?php echo $error_pass; ?>           <br>           <input type="submit" name="submit" value="sign in">         </form>         </body>         </html>         <?php          }         ?>

this code hard read. can't tell when if statements start , end. stop using classes everything. use procedural programming big boy.

your issue simple one. $validation_error not initialized in outer scope. meaning not saved between if statments.

to fix add $validation_error = false @ outer scope:

... $display_form = false; $validation_error = false; // right here           if (isset($_post['submit'])) {             $username = $_post['username'];             $userpass = $_post['userpass'];             ...

-

Comments

Post a Comment

Popular posts from this blog

java - Jasper subreport showing only one entry from the JSON data source when embedded in the Title band -

Image
i having issues populating data in subreport in title band of main report. data populated correctly in subreport in detail band of main report. trying find wrong in json query. appreciated. json sample data source (expenses.json) { "expenses": { "date": "8 sep 2016", "accounts": [ { "title": "xyz corp (111)", "accountname": "xyz corp", "accountnumber": "111", "transactions": [ { "date": "21 jun 2016", "name": "gas", "price": "17.50" }, { "date": "12 may 2016", "name": "shopping", "price": "111.99" }, { "date": "30 apr 2016", "name...
Read more

serialization - Convert Any type in scala to Array[Byte] and back -

i have following question: i have variable value in program declared value. i want convert value byte array.. how can serialize byte array , back? found examples related other types such double or int, not any. this should need. it's pretty similar how 1 in java. import java.io.{bytearrayinputstream, bytearrayoutputstream, objectinputstream, objectoutputstream} object serialization extends app { def serialise(value: any): array[byte] = { val stream: bytearrayoutputstream = new bytearrayoutputstream() val oos = new objectoutputstream(stream) oos.writeobject(value) oos.close stream.tobytearray } def deserialise(bytes: array[byte]): = { val ois = new objectinputstream(new bytearrayinputstream(bytes)) val value = ois.readobject ois.close value } println(deserialise(serialise("my test"))) println(deserialise(serialise(list(1)))) println(deserialise(serialise(map(1 -> 2)))) println(deserialise(seri...
Read more

SonarQube Plugin for Jenkins does not find SonarQube Scanner executable -

Image
i trying run sonarqube scanner within jenkins post-build step. however, keep getting error message below: ------------------------------------------------------------------------ sonar analysis failed ------------------------------------------------------------------------ fatal: sonarqube scanner executable not found sonarqube build step 'execute sonarqube scanner' marked build failure from similar questions on stackoverflow read 1 should choose "install automatically" sonarqube scanner, have done. my configurations follows: sonarqube 6.0 jenkins 1.609.3 sonarqube plugin 2.4.4 sonarqube servers sonarqube scanner build-step when config sonarqube scanner in manage jenkins --> global tool configuration --> sonarqube scanner, besides select "install automatically", need add installer. see screenshot here: sonarqube scanner --> add installer
Read more