dk4210 04-20-2011, 01:42 AM
Hello Guys,
I have a question here.. I am trying to write a function that will kick off a notification and log someone out if they try to bypass my check box with something other than the value of "1". I can't get it to work right..
Just not sure how to write the code to check for a "1" if the check box isn't checked then it doesn't pass any post vars..
Please advise..
function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
    if(isset($display_email,$display_name ))
    {
        if ($display_email!='1' || $display_name!='1') {
        }
        $t_error="9";
        $member_id = $member_id;
        notify_Admin($t_error,$member_id,$ip);
        logOut ($t_error);
        exit;
    }
}
mlseim 04-20-2011, 02:02 AM
How are you getting the checkboxes from the form, and how do you call the function?
Show us that part of the script too.
dk4210 04-20-2011, 11:57 AM
Hi,
Here is my html in the form
<input type="checkbox" class="Checkbox1" name="display_name" value="1"><span class="dnametxt">Display name in Ad?</span>
<input type="checkbox" class="Checkbox1" name="display_email" value="1"><span class="dnametxt">Display Email address in Ad?</span>
I call the function like this
check_Cboxes($display_email,$display_name,$member_id,$description,$ip); // Checks check boxes
mlseim 04-20-2011, 12:26 PM
You are requiring BOTH to be checked ... I assume you know that.
<?php
// example of how to check the checkboxes...
// you really don't need a function for this ...
// it's not something that should be a function.
// check for BOTH checkboxes from form.
if(isset($display_email) && isset($display_name)){
    // they are both set, so everything is OK.
}
else{
    // they are NOT both set, so display error and exit.
    $t_error="9";
    $member_id = $member_id;
    notify_Admin($t_error,$member_id,$ip);
    logOut ($t_error);
    exit;
}
// the rest of your script here ...
?>
dk4210 04-20-2011, 01:01 PM
Hi, thanks for the response..
The thing is I don't want to require them to be set. I just want it to check the $_POST var to make sure it is "1" and nothing else. That's only if the user checks the checkbox..
The reason behind this is if a hacker tried to pass anything else but "1" (Example XSS code) that the function with the if stmt will catch it and do what it needs to do..
Logic
1. Check to see if user checked the checkbox
   No? Then don't do anything
   Yes? Go on to step 2
2. User checked check box, does the $_POST var have the value of "1"
   Yes? Don't do anything because $_POST var is fine
   No? $_POST var is !="1" so proceed with Notification and log out procedure.
That's what I am trying to do but for some reason I can't write the code to get it to work..
What ya think?
oesxyl 04-20-2011, 04:24 PM
Try this:
// the values will default to what you have in $checkboxs
$checkboxs = array('display_name' => 0, 'display_email' => 0);
foreach($_POST as $name => $value){
    if(in_array($name,array_keys($check_boxs)){
        // is in $_POST and has a value? then it is checked
        if(intval($_POST[$name]) != 1){
            // notify, logout, kill the bad guy here
        }else{
            // if you want to be 'nice', :)
            $checkboxs[$name] = 1;
        }
    }
}
// use $checkboxs['whatever'] here
I didn't read the last part about notification and logout, so I corrected the code.
Best regards
dk4210 04-20-2011, 04:52 PM
How would I add that to this function though?
function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
    $checkboxs = array('display_name' => 0, 'display_email' => 0);
    foreach($_POST as $name => $value){
        if(in_array($name,array_keys($check_boxs)){
            // is in $_POST and have a value? then is checked
            if(intval($_POST[$name]) != 1){
                // notify, logout, kill the bad guy here
            }else{
                // if you want to be 'nice', :)
                $checkboxs[$name] = 1;
            }
        }
    }}
Showing syntax error
oesxyl 04-20-2011, 04:59 PM
I didn't test it, there are probably some typos or I missed something. What error does it show?
You don't need $display_email and $display_name anymore, they are hardcoded in $checkboxs.
if(in_array($name,array_keys($check_boxs)){
should be:
if(in_array($name,array_keys($checkboxs)){
Best regards
dk4210 04-20-2011, 05:07 PM
I removed the "_" and it's still showing the error
http://screencast.com/t/lIurtmDITY
oesxyl 04-20-2011, 05:12 PM
I forgot to close a (,
if(in_array($name,array_keys($checkboxs))){
Best regards
dk4210 04-20-2011, 05:18 PM
Hey, thanks so much for the help man..
The only hang up I have here is with this
foreach($_POST as $name => $value){
and
if(intval($_POST[$name]) != 1){
I don't want to grab all the post vars because I've already done that and ran them through the filter.
I already have the two vars here - $display_email & $display_name
How would I write the foreach with that in mind?
Thanks!
oesxyl 04-20-2011, 05:25 PM
Passing $display_email & $display_name is useless since you never use them.
I agree that it is better to avoid uselessly iterating over all values from $_POST, but the difference is small, unless you pass hundreds of parameters.
Anyway, this is the same thing changed to not iterate $_POST:
function check_Cboxes($member_id,$description,$ip){
    $checkboxs = array('display_name' => 0, 'display_email' => 0);
    // check only what is in $checkboxs, grab 2 values
    foreach($checkboxs as $name => $value){
        if(in_array($name,array_keys($_POST))){
            // is in $_POST and has a value? then it is checked
            // strict comparison: intval() turns "1<b>" or a non-empty array into 1
            if($_POST[$name] !== '1'){
                // notify, logout, kill the bad guy here
            }else{
                // if you want to be 'nice', :)
                $checkboxs[$name] = 1;
            }
        }
    }
}
Best regards
oesxyl 04-20-2011, 05:42 PM
Something like this?
function check_Cboxes($display_email,$display_name,$member_id,$description,$ip){
    if((isset($display_email) && $display_email != '1') ||
       (isset($display_name) && $display_name != '1')){
        $t_error="9";
        $member_id = $member_id;
        notify_Admin($t_error,$member_id,$ip);
        logOut ($t_error);
        exit;
    }
}
What do you do when both are unchecked?
Best regards
dk4210 04-20-2011, 05:43 PM
You Rock!!! It works great... I should be able to use this for site wide check boxes right?
I will just have to add the vars like this correct?
$checkboxs = array('display_name' => 0, 'display_email' => 0, 'display_num2' => 0, 'display_num3' => 0, 'display_num4' => 0, 'display_num5' => 0);
oesxyl 04-20-2011, 05:51 PM
:), yes, and you could make it more general by passing $checkboxs as an argument of the function instead of hardcoding it inside. It should also work with radioboxes; both have the habit of not filling $_POST if they are unchecked.
Best regards
dk4210 04-20-2011, 05:54 PM
Could you give me an example of passing the check box as an argument instead of hard coding it??
oesxyl 04-20-2011, 06:03 PM
Yes, :)
// somewhere in the code you need to define the default values for each checkbox/radiobox
$myboxes = array('display_name' => 0, 'display_email' => 0);
// define the function somewhere
function check_Cboxes($checkboxs, $member_id,$description,$ip){
    // check only what is in $checkboxs, grab 2 values
    foreach($checkboxs as $name => $value){
        if(in_array($name,array_keys($_POST))){
            // is in $_POST and has a value? then it is checked
            // strict comparison: intval() turns "1<b>" or a non-empty array into 1
            if($_POST[$name] !== '1'){
                // notify, logout, kill the bad guy here
            }else{
                // if you want to be 'nice', :)
                $checkboxs[$name] = 1;
            }
        }
    }
    return $checkboxs;
}
// use it somewhere, $checkedvalues will have the correct values taken from $_POST or the default values from $myboxes
$checkedvalues = check_Cboxes($myboxes, $member_id,$description,$ip);
This will expect '1' and '0' to be used for values in $_POST.
Best regards
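A strict version of the check discussed in this thread, added here as an example (not code posted by any participant). It goes slightly beyond the thread by comparing against the exact string '1', because intval() returns 1 for values such as "1<b>x</b>" and for any non-empty array, so a comparison like intval($_POST[$name]) != 1 lets those through. read_checkboxes() and the sample inputs are hypothetical and constructed; in real use $_POST is passed as the second argument.

```php
<?php
// Added example, not code from the thread. read_checkboxes() and the
// sample requests below are hypothetical/constructed.

// Returns array($values, $tampered):
//   $values   - 0/1 for every expected checkbox (0 = not sent, i.e. unchecked)
//   $tampered - names that were sent with anything other than the string "1"
function read_checkboxes(array $expected, array $post)
{
    $values = array_fill_keys($expected, 0);
    $tampered = array();
    foreach ($expected as $name) {
        if (!array_key_exists($name, $post)) {
            continue;                    // unchecked boxes are never submitted
        }
        if ($post[$name] === '1') {      // exact string match, no type juggling
            $values[$name] = 1;
        } else {
            $tampered[] = $name;         // "1<b>x</b>", "2", array values, ...
        }
    }
    return array($values, $tampered);
}

$boxes = array('display_name', 'display_email');

// Constructed stand-ins for $_POST.
$samples = array(
    'both unchecked'  => array(),
    'one checked'     => array('display_name' => '1'),
    'other value'     => array('display_email' => '2'),
    'trailing markup' => array('display_name' => '1<b>x</b>'),
    'array value'     => array('display_email' => array('x')), // display_email[]=x
);

foreach ($samples as $label => $post) {
    list($values, $tampered) = read_checkboxes($boxes, $post);
    // The thread's intval() comparison, kept only to show what it misses.
    $loose = array();
    foreach ($boxes as $n) {
        if (isset($post[$n]) && intval($post[$n]) != 1) {
            $loose[] = $n;
        }
    }
    printf("%-16s strict: %-14s intval: %s\n", $label,
        $tampered ? implode(',', $tampered) : '-',
        $loose ? implode(',', $loose) : '-');
}
```

A non-empty $tampered list is the point where the thread's notify_Admin() and logOut() calls would go.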