fortnox007, posted August 7, 2010

Hi all,

I just wrote an extremely insecure app with hidden fields just to get more familiar with hidden fields and their risks. It's a simple game where one is shown a number with the question to predict the next number. The options are higher, lower and equal to.

I already know how to edit the fields (in Firebug) in order to get the options for higher and lower to give me a success. But I was really wondering what special sign or code should be put in to let the equation always be true. Because in the part below, there will be this equation: `$number==$_POST['secretnumber']`

Here goes some code for the action.

```php
<?php
// just some random number
$number = mt_rand(1, 100000);

// if statements
if (isset($_POST['higher'])) { // if one presses higher
    if ($number > $_POST['secretnumber']) {
        echo 'congrats';
    } else {
        echo 'too bad!';
    }
}
if (isset($_POST['lower'])) { // if one presses lower
    if ($number < $_POST['secretnumber']) {
        echo 'congrats';
    } else {
        echo 'too bad!';
    }
}
if (isset($_POST['equalto'])) { // if one presses equal to
    // loose comparison against a client-controlled value (the insecure part)
    if ($number == $_POST['secretnumber']) {
        echo 'congrats';
    } else {
        echo 'too bad!';
    }
}
echo $number;
?>
```

Hereunder the part of the form where the hidden field is stored to pass along in a POST var.

```php
<form action="index.php" method="post">
    <!-- this line stores the earlier generated var $number -->
    <input type="hidden" name="secretnumber" value="<?php echo $number; ?>" />
    <input type="submit" value="higher" name="higher" />
    <input type="submit" value="lower" name="lower" />
    <input type="submit" value="equal to" name="equalto" />
</form>
```

So in a nutshell what I want to know is what I have to put in the value of the hidden field for the third if-statement (the one that says equal to) to be correct.
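For comparison with the script in the post, here is a hardened handling of the same hidden field, added as an example and not part of the original post. It assumes PHP 8; `SECRET_KEY`, the extra `mac` field and the helper names `seal_number`, `open_number` and `judge` are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical key for this example; a real one lives in server-side config only.
const SECRET_KEY = 'constructed-demo-key-not-for-production';

/** Build the two hidden fields: the number and an HMAC over it. */
function seal_number(int $number): array
{
    return ['secretnumber' => (string) $number,
            'mac' => hash_hmac('sha256', (string) $number, SECRET_KEY)];
}

/** Return the trusted integer, or null if the fields are missing, malformed or edited. */
function open_number(array $post): ?int
{
    $raw = $post['secretnumber'] ?? null;
    $mac = $post['mac'] ?? null;
    if (!is_string($raw) || !is_string($mac)) {
        return null;                      // arrays and missing fields are rejected
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    if ($value === false) {
        return null;                      // not a plain integer in the game's range
    }
    $expected = hash_hmac('sha256', $raw, SECRET_KEY);
    return hash_equals($expected, $mac) ? $value : null;  // constant-time compare
}

/** Game rule from the post, using strict comparison on integers only. */
function judge(int $next, int $previous, string $choice): bool
{
    return match ($choice) {
        'higher'  => $next > $previous,
        'lower'   => $next < $previous,
        'equalto' => $next === $previous,
        default   => false,
    };
}

// Constructed sample requests: one untouched, one with the hidden value edited.
$honest   = seal_number(4200);
$tampered = ['secretnumber' => '1', 'mac' => $honest['mac']];

var_dump(open_number($honest));                         // value accepted
var_dump(open_number($tampered));                       // edited field rejected
var_dump(judge(5000, open_number($honest), 'higher'));  // rule applied to trusted value
```

Keeping the previous number in `$_SESSION` instead removes the hidden field, and with it the need for a MAC, entirely.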