tblade

Thanks to all who replied. As it turns out I was able to work around by starting a new session and saving the variables into session wide variables as suggested earlier. After doing some experimenting, which is hard to do with CAS, I found that the error I wasn't as big of a problem. I changed some scripting to allow it to ignore the kill function being called and not give me an error. This overall still gave me the security I was looking for and also allowed me to use my form processor as needed.

I am building a form that needs to have 3 select 'dropdowns' all three are filled from a database, where the last 2 are dependent on the one above it. all three are calling out of different tables/databases (which is to be expected) the first dropdown (dd) pulls from a database with 2 columns 'category' 'cat_id' depending on what is selected the second dropdown is loaded pulling everything with a matching 'cat_id' the second database has 3 columns 'subcategory', 'cat_id', and 'cat_code' (the cat_code is a string value). the third dd is then populated based on the 'cat_code' and pulls a value called name. I am new to php and ajax and i have limited java script experience. I have to make sure the dd reload without reloading the whole page so setting variables to outside the page with get or post is out of the question (otherwise i would have this finished) Any help I do have the first dd autopopulating when the page is called but if it needs to be re-worked thats fine too any help would be greatly appreciated

This is partially true, it still has to check to make sure the session is current and there for goes past the current php page (submit.php) on to CAS.php and then some other pages for all the functions. The problem here is that PHP only allows POST sent items available to the first php page it is sent to and therefor loosing any form data sent. CAS has to be called at the beginning of each page this provides security throughout the site so even if the person is logged in they are still checked to make sure they are logged in with a valid ticket id and so forth. And since it has closed session variables (at least to my knowledge) i am unable to use them and make my form data available throughout the session. Thus creating my problem. The form processor runs but all the variables become unindexed making them blank and there for filling my db with null entries

As it turns out i was doing some digging and that's exactly how it is done and i think its because the CAS system uses a very precise way of parsing the session information. My next question is there a way to not use session_start(); and still set session variables? Is there a way to try and pull the other CAS SESSION?

The problem is that when i do it bombs. I try just setting the session variables and i will get un-indexed errors from my server. I have no idea why but i have a feeling the CAS controller is not allowing it happen.

The problem with this is that CAS already calls a session or has the session, and thus starting a new one makes its session ignored thus keeping my db venerable to none authorized users. CAS is a single sign on service for multiple web applications. (one sign on for tons of non-related web services) any other ideas?

Hello, I am currently working on a site that uses CAS authentication, my problem is to keep my site secure, mainly my form processor at this point. With this my form processor has a function call at the top to make sure the user is currently logged in and authenticated, before it processes the form data and submits it to a data base(well at least that's the hope). What I am running into however is that when the form is being sent to processed using POST it is sent to my 'submit.php' that looks something like this <?php //cas Auth include_once('CAS.php'); phpCAS::setDebug(); phpCAS::client(CAS_VERSION_2_0,'auth.cas.foo',443,''); phpCAS::forceAuthentication(); phpCAS::setNoCasServerValidation(); phpCAS::forceAuthentication(); if (isset($_REQUEST['logout'])) { phpCAS::logout(); } $user = phpCAS::getUser(); ?> <?php $school = $_POST["School"]; $department = $_POST["department"]; $course = $_POST["course"]; $url = $_POST["url"]; $comments = $_POST["comments"]; $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("wake2_development", $con); $username = $user; echo $_POST["School"]; $sql="INSERT INTO contents (School, department, course, url, comments, username) VALUES ('".$school."','".$department."','".$course."','".$url."','".$comments."','".$username."')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> The problem with this is that when the vairiables are sent using POST they are lost when the CAS controller is called because it is actually going to another file and All variables are dropped. Does any one have an idea of a sleek and easy way around this or another way to go about this? Please Help. Thanks, Tblade