Jump to content

form question


cdoyle

Recommended Posts

Hi,

 

I was creating something new for my game, I started to use a form got the page pretty much working and realized something.

 

I have the following form on my page.

 

A user could easily save the source, and open it via a browser on their machine and just change the values of those variables and put the ful path to the script and it would work.

 

How do I prevent this from happening?

 

$cost = $getspy1['level'] * 2000;
            $xspyid = $getspy1['id'];
  echo "<form method=\"post\" action=\"spylog.php?act=confirm\">";
            echo "<input type=\"hidden\" name=\"cost\" value=\"$cost\">";
            echo "<input type=\"hidden\" name=\"spyid\" value=\"$spyid\">";
            echo "<input type=\"submit\" name=\"yes\" value=\"Yes, I am sure!\">";
            echo "</form>";

Link to comment
https://forums.phpfreaks.com/topic/133430-form-question/
Share on other sites

force a session to exist before the form is submitted?

 

it really all depends im seeing from a game standard they would need to log in somehow right?

 

if so make a session if session unset the form wont submit

 

Yes the users need to be logged into play.

I'm not sure how do make it so the session needs to be set for the form to submit??

 

Here is my current page, that I thought I had all working right until just now and how easy it is to bypass everything.

 

 

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/133430-form-question/#findComment-694041
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.