tefuzz

that's what I am doing, but even if I leave the page and come back, it still keeps the session going and my values are still there...

took a look at that, but the page you linked to shows about having some malicious code within a page. when pulled up by a user with permissions it executes. should I be using something like $_SERVER['HTTP_REFERER'] to check? basically, if the token is set, but the referer is not my site, i can show them a session error or something? but looking at the PHP manula it says HTTP_REFERER "...This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted..." any ideas?

Well so that i dont have to write my password again and again. I am a kid of 15 years and my friend who becomes oversmart challenged me to do so. I beg u to solve my problem. thats why browsers have "do you want me to remember this password?" and autoComplete... all you have to do is click twice, and your username and password are in.

been looking around for answers, did not find much yet. anyone have any ideas?

ok, now I have another problem. I have the form validation set so that if there are errors it automatically fills in the valid fields again so the user doesn't need to retype everything for 1 error. However, If i run the script with an error, it fills in my valid data just like I want. Now the catch is, If I leave the page and go to say google.com, and go back, my form fields will still be filled in with that data. What can I do to make sure that if they leave the "session" it clears, and they have to start over again? Only if they leave the form (multi part) and come back. If they go to step2 and come back to step1, I want to keep the data.

OK, well I think I fixed one part of it... I changed this line of my page: <form action="step1.php" method="post" enctype="multipart/form-data" name="tutorApp" class="tutorAppForm"> to this: <form action="<?php echo($_SERVER['PHP_SELF']); ?>" method="post" enctype="multipart/form-data" name="tutorApp" class="tutorAppForm">

I have the first IF checking to see if they pressed the "next" button. If not, then it must be the first time on the page, so I am assigning a token. If it is pressed, then it is checking the token against the hidden input to see if they match. Or at least that what I thought it was doing.

I am trying to use a session token to protect my form a little bit for hijacking, and from timeouts in case the user takes 4 hours to complete it, the information will be cleared so someone couldn't hijack their data either. i have it creating a token automatically, and passing it through $_POST inside a hidden input 'token' I can't however get it to work...my code is this...seemed like it would work, but I always get "session error!". and yes, the hidden input for 'step1' is there. <?php session_start(); if (!isset($_POST['step1'])) { $_SESSION['token'] = uniqid(md5(microtime()), true); } elseif ($_POST['token'] !== $_SESSION['token']) { echo "session error!"; } else { ...this is where the validation goes...

I remember what it was! I was originally going to use $fields as $required, and pass it through a validation function but decided against it , I guess I just kept going with it without realizing and worked it into the $_SESSION

good question...for some reason I hadn't thought of just going directly to the $_POST

here's what comes out...I only entered firstname, lastname, month, day, and year Array ( [step1] => step1 [token] => 353cefcd1509a11e67b8196efb41284849eef876e280b4.76260405 [firstname] => dsvcasdv [lastname] => asdvasdvdsv [month] => Feb [day] => 4 [year] => 2005 [add1] => [add2] => [city] => [state] => [zip] => => [tel] => [submit] => Next ) dsvcasdv asdvasdvdsv Feb 4 2005

I'm a newbie too, i had asked a similar question to this, and got lots of advice. I decided to go with the switch(). just seemed cleaner, and easier to manage than a bunch of IF statements.

I have an IF statement checking to see if the form has been posted via a hidden input, this code is executed only after the form is submitted...how to i add the $_POST values to the $_SESSION array then with that?

you could also use a switch to accomplish the same goal...my index page is set up this way with multiple variables in the URL to determine what exactly the visitor is doing. but as wolfrage said, your URL would need to be something like http://www.mysite.com/index.php?code=1 (assuming the file you are using is named index.php) here's a quick example... $code = $_GET['code']; switch($code) { default: include('default.php'); break; case "1": include('one.php'); break; case "2": include('two.php'); break; }

I have a multi part form, and each step I am validating the previous step. I am storing all the values into a session, and i thought this was a way to do it, but my echo just gives me blank lines... $fields = array("firstname", "lastname", "month", "day", "year", "address1", "address2", "email", "telephone"); foreach ($fields as $field) { $_SESSION[$field] = $_POST[$field]; echo $_SESSION[$field] . "\n"; }