Session, forms related question

phprock

Well, since i started learning php, I become familiar with session.
But noticed that it is not very user friendly and secure...

Like, on a shared server, other people can steal session file.

Anway, i did not seey any good secure user authentication in session other then the following logic

<?php
session_start();

if(!isset($_SESSION["myvariable"])){
tell the visitor to login
}else{
ok,  there is session now check  this session against database.if everything ok, let the secure page to access
}

?>

And the big problem is .. to track user ,I wil l have to start session.. in any place that I want o check access

and If i start session I will get problem in form submissoin.Cause
Once the user submitted a form and if they go back to fill up incomplete fields of the form it's previously filled fields content disappear. It's annoying ..because customer wasted time to fill up a form and for just one mistake he has to rettype everything.

so, what the soluation for me. I give you one example bellow here

<?php

//login page
session_start();
if(isset($_SESSION["logged_in"])){
header("location:index.php?file=member");
exit;
}

echo"<form action=\"check.php\" method=\"post\">";

echo"Your message <textarea name=msg col=51 rows=8></textearea>";
echo"Your name<input type=\"text\" name=unmae>";
echo"<input type=submit value=send message>";
echo"</form>";

?>

Now here is my check.php

<?php

if(empty($_POST["name"])){
echo"OOPs, you didn't write your name";
exit;
}

You can see that if the use forgot to type thier name he has to go back to login page and type his name. But as i started session,
user has to retype his message !

Anway, solution...

I want to use cookie but ..session is more simpliar...

Any suggestion or solution ..

Thanks

cahva

Use the login page to send the form to itself and only thing you have to do to the page to "remember" last inputted values is like this:

...
echo"Your message <textarea name=msg col=51 rows=8>".$_POST['msg']."</textearea>";
...

TTT

use javascript

echo"<form action=\"check.php\" method=\"post\" name=\"aform\">";

echo"Your message <textarea name=msg col=51 rows=8></textearea>";
echo"Your name<input type=\"text\" name=unmae>";
echo"<input type=button value=send message onclick=\"javascript: return chkform();\">";
echo"</form>";

phprock

Thank you but..

I might have 12/20 fields..
so in every fields I have to do that (ie.$_POST["myvarabil"]?

and I get undefined variable ...so I have to initialisze all these varaiables ??

phprock

I always try to avoid javascript and it can be turned off in a browser.... then user can submit blank information...so I always check in php coding...

cahva

If you have that error reporting on then yes, you have to initialize it. I have this function to do that:

function getVar($varname) {
$default='';
	if(empty($_POST[$varname])) return $default; 
		return $_POST[$varname];
}

So you can use that to initialize it and print the variable:

echo"Your message <textarea name=msg col=51 rows=8>".getVar('msg')."</textearea>";

phprock

Thank you again
but I still get the same problem, form inputs gets cleared when i go back...

cahva

Hmm.. From what page you are going back? If you mean by browsers own back-button then php is no use. Different browsers act different. Some remember the values by default, some not.

If you are doing your check in separate page and you have a back button in case of bad values, you must send the same data back again. But easier way is to send the form to same page and do the checks there(so you dont even have to create a back-link/button).

phprock

This what i m doing

if(empty($_POST["email"]) || empty($_POST["name"]) || 
empty($_POST["sex"]) || empty($_POST["email2"]) || 
empty($_POST["password"]) || empty($_POST["password2"]))
{
message_die("Oops,Forms was incomplete.
<a href=\"index.php?file=register\">Go back </a> and fill up incomplete fields.");
}

cahva

My proposal would be that you put the check to the same page where the form is. Then you just echo at some convenient place (and in red offcourse 🙂) that not all the fiels were filled.

It would look something like this:

if (!empty($_POST['submit']) {
if(empty($_POST["email"]) || empty($_POST["name"]) || 
empty($_POST["sex"]) || empty($_POST["email2"]) || 
empty($_POST["password"]) || empty($_POST["password2"]))
{
echo "Oops,Forms was incomplete. Fill up incomplete fields.<br>";
}
else {
header('Location: index.php'); // Use full url-address if possible
}
}