Daarius?

Anon

You helped me before

with this:

you secure page, that loads after the form submission from login page can have structure like this:

if ($submit) {
if ($REQUEST_METHOD == 'POST') {
// do your stuff here
}
else {
echo 'sorry, Illegeal request';
}
else {
echo 'sorry, cant call this script directly!';
}

above will make sure that the page is only called with POST method, and that is only possible with login form. and if its called directly it will give error message too.

Shall I just Copy/Paste this
to my page (that is supposed to be only acessed through the login.php) ?

/Chess

Anon

yes, you can just copy paste it, but you need to substitute the first if statement area (when its true) to perform whatever the script does.

rest, is fine. and make sure nothing else is outside the Parent IF statement.
i can give you example below again:

your secure.php (accesed from loging only):

if ($submit) {
if ($REQUEST_METHOD == 'POST') {

// Here your all the code for this
// secure script goes!

// make sure you have this exit(); here at
// the end, or else it will also execute
// the error message far below.
exit();

}
else {

// if the script is called via GET method
// following error is raised!
echo 'sorry, Illegeal request';

}

// you dont need the final ELSE statement
// for parent IF statement. because if the script
// is called directly, the following deault code
// will be executed.

echo 'Direct access to this script is not allowed';
exit();

goodluck.
Daarius...

Anon

hihihi

Yea, well..
It works all to
well...

I get "Sorry, Illegal request"
Even when I DO login 🙂

Anon

sorry, the line should be:

$REQUEST_METHOD != 'POST'

instead of:
$REQUEST_METHOD == 'POST'

because, you are using METHOD="POST" in your login form, so its matching it, and showing you illegal message 🙂

so, if the method was not post, ie. GET then it will only show that.

try it now.

Anon

Juppz.

I use 'Post' in my
form...

But after changing the script
I still get the same error..
🙁

Anon

i dont know if that check is case sensitive. so also try to check the case too.

apart from that, it should all be ok. becuase it 'is' recognising the submit request from the form, and then it shifts down in IF statement and checks the METHOD, on that it raises the error if it does not match POST.

Anon

check the case?
Can you print a script for that
here?
please?

Anon

i meant, i dont know if the check on METHOD we are doing is in some way 'case sensitive'.

so if you have
$REQUEST_METHOD='POST'

and in form you have
METHOD="Post"

so, i am in doubt that it might not match. but you can try and see.

thats all i can think of. i am using the same methods with all of my programs, and its qorking fine.

Anon

just do
if (strtolower($REQUEST_METHOD) == 'post') {
//code
} else {
//code
}

-rich

Anon

Still doesn´t work

Anon

I tried to print $person
in my other page (the secured one)
With no result!

Are you guys sure that If I have
the form and all as index.php
and I put the rest in val.php.
Then, are you sure the val.php
can identify $Submit
(that is: U sure val.php knows that the form
from index.php really is posted)?

Anon

This is my script:

index.php:

<form method="post" action= <? $php_self ?>>
<input type="hidden" name="doCheck" value="1">
<input type="textfield" name="name">
<input type="password" name="passwd">
<input type="submit">
//(I also use a Header with val.php)

val.php:

<?php
if ($submit) {
if ($REQUEST_METHOD != 'POST');

?>

<head><title>Inloggad</title></head>
<body>
<h2>Vad vill du göra?</h2><p>
<a href="komm.htm">Mata</a> in ett kommando till DB?<br>
<a href="store.php">Infoga</a> en fil till DB?<br>
<a href="getdata.php">Mata</a> ut en fil från DB?<br>
<a href="input.php">Skriva</a> in en text till DB?<br>
<?
exit();
}
} else {
echo 'Sorry, Illegeal request';
}
?>
</body>

Anon

Shoudn't <? $PHP_SELF ?> be <? echo "$PHP_SELF ?>.

Anon

Shoudn't <? $PHP_SELF ?> be <? echo "$PHP_SELF ?>.

Also I don't know that if you're using Header() that it will carry your form data, when the form is directed at index

Anon

header("Location: val.php");

Anon

You shouldn't be the form will carry your data. Instead of action=<? $PHP_SELF ?> you should try action =val.php. That way whatever input values you choose in the form will be sent to val.php as name-value pairs.
i.e. name=value, which you can access with $name. Using Header() means you probably access val.php without any values.
You will need (if you don't have) one a submit button.
I would try remarqing out the HEADER like this //HEADER("");

Anon

Nopes, Obviously the
val.php is not recognizing
the variables in your
script either
since I get a blank page
in val.php

That means that the val.php
Doesn´t even feel that the
Submit button is clicked
from index.php

/Chess

Anon

Does your form look something like this?

echo "<form action=\"val.php\" method=POST>";
echo "<input name=\"send_one\" value=\"Itm to send\">";
echo "<input name=\"send_two\">;
echo "<input type=\"Submit\" value=\"Go TO VAL\">;
echo "</form>";

Then in val.php you should be able to do this.

<?
echo "$send_one, $send_two";
?>