Hello, I am currently working on a site that uses CAS authentication. My problem is keeping my site secure, mainly my form processor at this point. With this, my form processor has a function call at the top to make sure the user is currently logged in and authenticated before it processes the form data and submits it to a database (well, at least that's the hope).
What I am running into, however, is that when the form is sent to be processed using POST, it is sent to my 'submit.php', which looks something like this:
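<?php
// CAS auth
include_once('CAS.php');
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, 'auth.cas.foo', 443, '');
// Server validation must be configured before authentication is forced.
// This call disables validation of the CAS server's certificate; outside of
// testing, use phpCAS::setCasServerCACert() instead.
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
$user = phpCAS::getUser();
?>
<?php
$school = $_POST["School"];
$department = $_POST["department"];
$course = $_POST["course"];
$url = $_POST["url"];
$comments = $_POST["comments"];
// mysqli replaces the mysql_* extension, which was removed in PHP 7.
$con = mysqli_connect("localhost", "root", "", "wake2_development");
if (!$con) {
    die('Could not connect: ' . mysqli_connect_error());
}
$username = $user;
// Escape user input before echoing it back into the page.
echo htmlspecialchars($school);
// Prepared statement: form values are bound as parameters, never concatenated into the SQL.
$sql = "INSERT INTO contents (School, department, course, url, comments, username)
        VALUES (?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($con, $sql);
if (!$stmt) {
    die('Error: ' . mysqli_error($con));
}
mysqli_stmt_bind_param($stmt, "ssssss", $school, $department, $course, $url, $comments, $username);
if (!mysqli_stmt_execute($stmt)) {
    die('Error: ' . mysqli_stmt_error($stmt));
}
echo "1 record added";
mysqli_close($con);
?>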
The problem with this is that when the variables are sent using POST, they are lost when the CAS controller is called, because it is actually going to another file and all variables are dropped. Does anyone have an idea of a sleek and easy way around this, or another way to go about this?
Please help.
Thanks,
Tblade
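
One way to keep the form fields across the CAS redirect described above, as an added example that is not part of the original post. The helpers `stash_post` and `restore_post` and the session key `pending_post` are hypothetical names, and the sketch assumes `phpCAS::client()` has started the PHP session so that `$_SESSION` is available.

```php
<?php
// Added example, not the poster's code: carry form fields across the CAS redirect.
// Assumes phpCAS::client() has started the PHP session, so $_SESSION is usable.
include_once('CAS.php');

const FORM_FIELDS = ['School', 'department', 'course', 'url', 'comments']; // from the post

// Hypothetical helper: keep only the expected string fields, capped in length,
// so an unauthenticated request cannot stuff arbitrary data into the session.
function stash_post(array $post, array &$session): void {
    $kept = [];
    foreach (FORM_FIELDS as $name) {
        if (isset($post[$name]) && is_string($post[$name])) {
            $kept[$name] = substr($post[$name], 0, 2000);
        }
    }
    $session['pending_post'] = ['data' => $kept, 'saved_at' => time()];
}

// Hypothetical helper: hand the stash back once, and only while it is fresh.
function restore_post(array &$session, int $maxAge = 600): ?array {
    $pending = $session['pending_post'] ?? null;
    unset($session['pending_post']); // single use, so a reload cannot replay it
    if (!isset($pending['data'], $pending['saved_at'])
        || time() - $pending['saved_at'] > $maxAge) {
        return null;
    }
    return $pending['data'];
}

phpCAS::client(CAS_VERSION_2_0, 'auth.cas.foo', 443, '');
phpCAS::setNoCasServerValidation(); // as in the post; skips CAS certificate checks

$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && !phpCAS::isAuthenticated()) {
    stash_post($_POST, $_SESSION); // save before the redirect drops the body
}
phpCAS::forceAuthentication(); // redirects to CAS and exits if not logged in

$form = $isPost ? $_POST : restore_post($_SESSION);
if ($form === null) {
    http_response_code(400);
    exit('No form data to process.');
}
$user = phpCAS::getUser();
// $form and $user are now ready for validation and a parameterized INSERT.
```

Restored fields should go through the same CSRF-token check and input validation as a direct POST before the INSERT runs.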