Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Dec 2011
    Posts
    20
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Multiple Submits/Posts?

    Below are two scripts designed to work together on the same PHP page: A password tool, and a flat-file editing tool. Separately, they work just fine. But together, there are two $_POST functions being used. The password tools works, and the flat-file editing tool doesn't. Any suggestions?

    PHP Code:
    /* BEGIN SHA1 PASSWORD TOOL */

    <?php

    $password 
    = array('dbbbceb206baea597875db9d6aa7ef5baca7e265');

    session_start();
    if (!isset(
    $_SESSION['loggedIn'])) {
        
    $_SESSION['loggedIn'] = false;
    }

    if (isset(
    $_POST['password'])) {
        if (
    in_array(sha1($_POST['password']), $password)) {
            
    $_SESSION['loggedIn'] = true;

    /* BEGIN EDITOR */

    if($_POST['Submit']){
    $open fopen("filethatgetsedited.txt","w+");
    $text $_POST['update'];
    fwrite($open$text);
    fclose($open);
    echo 
    "<img id=\"alert\" src=\"alert.png\">"
    }else{
    $file file("filethatgetsedited.txt");
    echo 
    "<div id=\"draggable\"><form action=\"".$PHP_SELF."\" method=\"post\"><img src=\"bar.png\" id=\"textbar\"><textarea Name=\"update\" spellcheck=\"false\">";
    foreach(
    $file as $text) {
    echo 
    $text;

    echo 
    "</textarea><br>";
    echo 
    "<input name=\"Submit\" id=\"sbmt\" type=\"submit\" value=\"Activate\" />\n
    </form></div>"
    ;
    }

    /* END EDITOR */

        
    } else {
            
    header("location: index.php");
        die();
        }


    if (!
    $_SESSION['loggedIn']): ?>

    <!-- BEGIN HTML PASSWORD INPUT -->

    <form method="post">
        <input type="password" name="password" id="passt">
        <input type="submit" name="sub">
    </form>

    <!-- END HTML PASSWORD INPUT -->

    <?php
    endif;
    ?>

    /* END SHA1 PASSWORD TOOL */

  • #2
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,081
    Thanks
    23
    Thanked 592 Times in 591 Posts
    <input type="submit" name="sub">
    Means this
    if($_POST['Submit']){
    won't work
    use this:
    <input type="submit" name="Submit">

    and where do we get $_POST['update'] so this works?
    $text = $_POST['update'];

    May be others, but I stopped here.
    Evolution - The non-random survival of random variants.

    "If you leave hydrogen alone, for long enough, it begins to think about itself."

  • #3
    New Coder
    Join Date
    Dec 2011
    Posts
    20
    Thanks
    4
    Thanked 0 Times in 0 Posts
    Ah, I see what you mean. In this case though, if($_POST['Submit']){ refers to <input name=\"Submit\" id=\"sbmt\" type=\"submit\" value=\"Activate\" />, not <input type="submit" name="sub">.

  • #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,019
    Thanks
    2
    Thanked 313 Times in 305 Posts
    Your form processing code needs to be separated. You have pasted your editor form processing code inside your login form processing code and the resulting logic will never be TRUE and run your editor's form processing code.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #5
    New Coder
    Join Date
    Dec 2011
    Posts
    20
    Thanks
    4
    Thanked 0 Times in 0 Posts
    The reason I put the editor code inside the password protection script is ... well ... to protect it. Do you have a better way to go about implementing both password protection and flat-file editing?

  • #6
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,081
    Thanks
    23
    Thanked 592 Times in 591 Posts
    Quote Originally Posted by Charlie8776 View Post
    The reason I put the editor code inside the password protection script is ... well ... to protect it. Do you have a better way to go about implementing both password protection and flat-file editing?
    SESSIONs should take care of that, but you can add a cookie that expires on log out and $_SERVER["HTTP_REFERER"] to make sure they are coming from the correct page - the one that checks their password.
    The manual says not to trust this because it's browser formed and people can bypass it. But all three????? You could have them enter the password again to make the changes or a second password.

    AND yes people can do anything, this just makes it harder not fool proof.
    Evolution - The non-random survival of random variants.

    "If you leave hydrogen alone, for long enough, it begins to think about itself."

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,298
    Thanks
    57
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by sunfighter View Post
    <input type="submit" name="sub">
    Means this
    if($_POST['Submit']){
    won't work
    use this:
    <input type="submit" name="Submit">
    eek!

    Have you forgotten about this bug that internet explorer still has?

    I've just had surgery so I'm not typing too much - i'll let you explain the rest
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    4,081
    Thanks
    23
    Thanked 592 Times in 591 Posts
    No tangoforce, I have not forgot and have explained this to others before while you were away.
    So what was wrong that they had to cut, if I may ask?
    Evolution - The non-random survival of random variants.

    "If you leave hydrogen alone, for long enough, it begins to think about itself."

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,298
    Thanks
    57
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Something painful!
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •