[SOLVED] Multi Part Form

[Omzy]

I have a multi part form on my site called signup.php. It is one file that has 3 forms in total and each part of the form is in its own FUNCTION, as follows:

 

$errors=array();

if($_SERVER['REQUEST_METHOD'] != 'POST') { //upon page load
form1($_POST);
}

else if($_POST['process'] == 1) {
if(strlen($_POST['name']) < 3) { //form validation
$errors[]='name';
}

if(!empty($errors)) {
form1($errors);
}
else {
form2($_POST); //POST the values to form2
}

else if($_POST['process'] == 2) {
if(strlen($_POST['selection']) < 3) {
$errors[]='selection';
}

if(!empty($errors)) {
form2($errors);
}
else {
form3($_POST);
}

else if($_POST['process'] == 3) {
conf_form($_POST);
}

 

Each part of the form has a hidden varaible called "process" and also contains hidden variable of the POST values from the previous part of the form.

 

I was wondering is there another (better) way of doing this, without using functions? The problem iwth using functions is I have to declare stuff globally, etc. I beleive it can be done using sessions, if so how can I modify my script to use sessions?

[Omzy]

Anyone?

[.josh]

pass the info via session variables.

[Omzy]

Can you give me example, based on my script?

 

So do u mean instead of using $_POST(), I should use $_SESSION() everywhere?

[.josh]

page1.php

<?php
  session_start(); 

  // display page 1 of form, submit to page2
?>

 

page2.php

<?php
  session_start();
  $_SESSION['page1'] = $_POST;

  // display page 2 of form, submit to page3
?>

 

page3.php

<?php
  session_start();
  $_SESSION['page2'] = $_POST;

  // display page 3 of form, submit to processing script
?>

 

processingScript.php

<?php
  session_start();

  // example: dump all info to see where they are
  echo "<pre>";
  
  // page 1
  print_r($_SESSION['page1']);

  // page 2
  print_r($_SESSION['page2']);

  // page 3
  print_r($_POST);

?>

[Omzy]

Cool, that looks good, I'll give it a bash tonight.

 

BTW do you know how I can seperate pieces of code within the same file, without having to put them in to a function?

 

I.e. organising the code on the page into their own "sections" and then "including" them when/where required.

[.josh]

that's what functions are for.  Alternatively you can create a class.  Or put the code in separate files and include or require when necessary.

[Omzy]

Cheers man. Also with regards to sessions I heard these can be easily hacked? How can I make this more secure?

[.josh]

Sessions are hacked because people do not use them properly, or else they are using them on a server that is not set up properly, or else they are using them on a shared server, where it's not as secure in general.

 

If you really feel nervous about it, you can do things like create your own session ids, store them in a database, pass tokens to the users on the forms to validate and make sure data is coming from them, etc..

 

But considering your previous method involved just passing stuff in hidden fields... I do not think you really need to be worrying about whether these session variables will be hacked or not.  Whatever level of secure sessions are, it's a lot more secure than what you're doing right now. 

 

Personally, I would just focus on validating the submitted information in your process script.  If the data being submitted is sensitive enough to warrant it, consider getting a certificate to have your pages be https (ssl).