...

View Full Version : Function to check checkbox



dk4210
04-20-2011, 02:42 AM
Hello Guys,

I have a question here.. I am trying to write a function that will kick off a notification and log some one out if they try to bypass my check box with something other than the value of "1". I can't get it to work right..

Just not sure how to write the code to check for a "1" if the check box isn't checked then it doesn't pass any post vars..

Please advise..




function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
if(isset($display_email,$display_name ))
{

if ($display_email!='1' || $display_name!='1') {

}
$t_error="9";
$member_id = $member_id;
notify_Admin($t_error,$member_id,$ip);
logOut ($t_error);
exit;
}

}

mlseim
04-20-2011, 03:02 AM
How are you getting the checkboxes from the form, and how do you call the function?
Show us that part of the script too.

dk4210
04-20-2011, 12:57 PM
Hi,

Here is my html in the form



<input type="checkbox" class="Checkbox1" name="display_name" value="1"><span class="dnametxt">Display name in Ad?</span>

<input type="checkbox" class="Checkbox1" name="display_email" value="1"><span class="dnametxt">Display Email address in Ad?</span>




I call the function like this




check_Cboxes($display_email,$display_name,$member_id,$description,$ip); // Checks check boxes

mlseim
04-20-2011, 01:26 PM
You are requiring BOTH to be checked ... I assume you know that.



<?php

// example of how to check the checkboxes...

// you really don't need a function for this ...
// it's not something that should be a function.

// check for BOTH checkboxes from form.
if(isset($display_email) && isset($display_name)){
// they are both set, so everything is OK.
}
else{
// they are NOT both set, so display error and exit.
$t_error="9";
$member_id = $member_id;
notify_Admin($t_error,$member_id,$ip);
logOut ($t_error);
exit;
}

// the rest of your script here ...


?>




.

dk4210
04-20-2011, 02:01 PM
Hi Thanks for the response..

The thing is I dont want to require them to be set. I just want it to check the $_POST var to make sure it is "1" and nothing else. Thats only if the user checks the checkbox..

The reason behind this is if a hacker tried to pass any thing else but "1" (Example XSS code) that the function with the if stmt will catch it and do what it needs to do..

Logic

1. Check to see if user checked the checkbox
No? then don't do anything
Yes? Go on to step 2

2. User checked check box, does the $_Post var have the value of "1"
Yes? Don't do anything because $_POST var is fine
No? $_Post var is !="1" so proceed with Notification and log out procedure.

That's what I am trying to do but for some reason I can write the code to get it to work..

what ya think?

oesxyl
04-20-2011, 05:24 PM
Hi Thanks for the response..

The thing is I dont want to require them to be set. I just want it to check the $_POST var to make sure it is "1" and nothing else. Thats only if the user checks the checkbox..

The reason behind this is if a hacker tried to pass any thing else but "1" (Example XSS code) that the function with the if stmt will catch it and do what it needs to do..

Logic

1. Check to see if user checked the checkbox
No? then don't do anything
Yes? Go on to step 2

2. User checked check box, does the $_Post var have the value of "1"
Yes? Don't do anything because $_POST var is fine
No? $_Post var is !="1" so proceed with Notification and log out procedure.

That's what I am trying to do but for some reason I can write the code to get it to work..

what ya think?
try this:


// the values will be default to what you have in $checkboxs
$checkboxs = array('display_name' => 0, 'display_email' => 0);

foreach($_POST as $name => $value){
if(in_array($name,array_keys($check_boxs)){
// is in $_POST and have a value? then is checked
if(intval($_POST[$name]) != 1){
// notify, logout, kill the bad guy here
}else{
// if you want to be 'nice', :)
$checkboxs[$name] = 1;
}
}
}

// use $checkboxs['whatever'] here


i didn't read last part with notification and logout, so i corrected the code
best regards

dk4210
04-20-2011, 05:52 PM
How would I add that to this function though



function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
$checkboxs = array('display_name' => 0, 'display_email' => 0);

foreach($_POST as $name => $value){
if(in_array($name,array_keys($check_boxs)){
// is in $_POST and have a value? then is checked
if(intval($_POST[$name]) != 1){
// notify, logout, kill the bad guy here
}else{
// if you want to be 'nice', :)
$checkboxs[$name] = 1;
}
}
}}

Showing syntax error

oesxyl
04-20-2011, 05:59 PM
How would I add that to this function though



function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
$checkboxs = array('display_name' => 0, 'display_email' => 0);

foreach($_POST as $name => $value){
if(in_array($name,array_keys($check_boxs)){
// is in $_POST and have a value? then is checked
if(intval($_POST[$name]) != 1){
// notify, logout, kill the bad guy here
}else{
// if you want to be 'nice', :)
$checkboxs[$name] = 1;
}
}
}}

Showing syntax error



i didn't test it, probably are some typos or i miss somesthing. What error show?

you don't need anymore $display_email and $display_name, are hardcoded in $checkboxs



if(in_array($name,array_keys($check_boxs)){

should be:


if(in_array($name,array_keys($checkboxs)){


best regards

dk4210
04-20-2011, 06:07 PM
I removed the "_" and its still showing the error

http://screencast.com/t/lIurtmDITY

oesxyl
04-20-2011, 06:12 PM
I removed the "_" and its still showing the error

http://screencast.com/t/lIurtmDITY

forget to close a (,



if(in_array($name,array_keys($checkboxs))){


best regards

dk4210
04-20-2011, 06:18 PM
Hey thanks so much for the help man..

The only hang up I have here is with this

foreach($_POST as $name => $value){

and

if(intval($_POST[$name]) != 1){

I dont want to grab all the post vars because I've already done that and ran them through the filter.

I already have the two vars here - $display_email & $display_name

How would I write the for each with that in mind?

Thanks!

oesxyl
04-20-2011, 06:25 PM
Hey thanks so much for the help man..

The only hang up I have here is with this

foreach($_POST as $name => $value){

and

if(intval($_POST[$name]) != 1){

I dont want to grab all the post vars because I've already done that and ran them through the filter.

I already have the two vars here - $display_email & $display_name

How would I write the for each with that in mind?

Thanks!
passing $display_email & $display_name is useless since you never use them.
I agree that is better to avoid to useless iterate all values from $_POST but the difference is small, except if you pass hundred of parameters.
Anyway this is same thing changed to not iterate $_POST:



function check_Cboxes($member_id,$description,$ip){
$checkboxs = array('display_name' => 0, 'display_email' => 0);

// check only what is in $checkboxs, grab 2 values
foreach($checkboxs as $name => $value){
if(in_array($name,array_keys($_POST))){
// is in $_POST and have a value? then is checked
if(intval($_POST[$name]) != 1){
// notify, logout, kill the bad guy here
}else{
// if you want to be 'nice', :)
$checkboxs[$name] = 1;
}
}
}}


best regards

oesxyl
04-20-2011, 06:42 PM
something like this?


function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
if((isset($display_email) && $display_email != '1') ||
(isset($display_name) && $display_name != '1')){

$t_error="9";
$member_id = $member_id;
notify_Admin($t_error,$member_id,$ip);
logOut ($t_error);
exit;
}
}

what you do when both are unchecked?

best regards

dk4210
04-20-2011, 06:43 PM
You Rock!!! It works great... I should be able to use this for site wide check boxes right?

I will just have to add the vars like this correct?

$checkboxs = array('display_name' => 0, 'display_email' => 0, 'display_num2' => 0, 'display_num3' => 0, 'display_num4' => 0, 'display_num5' => 0);

oesxyl
04-20-2011, 06:51 PM
You Rock!!! It works great... I should be able to use this for site wide check boxes right?

I will just have to add the vars like this correct?

$checkboxs = array('display_name' => 0, 'display_email' => 0, 'display_num2' => 0, 'display_num3' => 0, 'display_num4' => 0, 'display_num5' => 0);
:), yes and you could make it more general by passing $checkboxs as argument of the functions instead of hardcoding it inside. Should also work with radioboxes, both have the habit to not fill $_POST if are unchecked.

best regards

dk4210
04-20-2011, 06:54 PM
Could you give me an example of passing the check box as an argument instead of hard coding it??

oesxyl
04-20-2011, 07:03 PM
Could you give me an example of passing the check box as an argument instead of hard coding it??
yes, :)



// somewhere in the code you need to define the default values for each checkbox/radiobox
$myboxes = array('display_name' => 0, 'display_email' => 0);

// define the function somewhere
function check_Cboxes($checkboxs, $member_id,$description,$ip){
// check only what is in $checkboxs, grab 2 values
foreach($checkboxs as $name => $value){
if(in_array($name,array_keys($_POST))){
// is in $_POST and have a value? then is checked
if(intval($_POST[$name]) != 1){
// notify, logout, kill the bad guy here
}else{
// if you want to be 'nice', :)
$checkboxs[$name] = 1;
}
}
}
return $checkboxs;
}

// use it somewhere, $checkedvalues will have the correct values taken from $_POST or the default values from $myboxes
$checkedvalues = check_Cboxes($myboxes, $member_id,$description,$ip);


this will expect to use '1' and '0' for values in $_POST.

best regards



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum