muppet77 Posted August 9, 2017

Hi. I've got a setup at the moment that goes:

1. User completes a HTML form which gets passed by hidden forms to
2. A php/HTML page that uses this data by POST to then draw a graph in
3. Using phplot. Again the data is passed on a hidden form and POSTS are used.

My question is how can I change the set up so that users cannot access the posted data? Thank you.

Jacques1 Posted August 9, 2017

Why does this matter? What's the problem if the user accesses the data?

Sepodati Posted August 9, 2017

> My question is how can I change the set up so that users cannot access the posted data?

You can't. If you have to POST it, then it has to be with the user as a part of the request. As mentioned, though, why does it matter?

muppet77 Posted August 9, 2017

Hi. The user gets a graph out at the end and I don't want them to have access to the sensitive raw data due to the time it took for me to collect. Is there another way?

Sepodati Posted August 9, 2017

Keep the data server side, then. Pass along a reference to it if you have to pass something via forms. I don't think the flow has been explained enough here to understand why you're involving POST to begin with.

muppet77 Posted August 9, 2017

Hi. My description and explanations are pretty simple I'm afraid - only because of my newness to this. I've cobbled together some php pages and the user inputs some requirements in a HTML "hidden" form which is then passed to the next php page. A POST command gets the previously inputted data and then draws a graph in phplot. I've done it this way as it's the only way I know how. Is there a way where the user can't see the "hidden" data that is passed on by the php pages (as some of it comes from an equation that I'd like to remain secret)? Thanks.

Sepodati Posted August 9, 2017

> Is there a way where the user can't see the "hidden" data that is passed on by the php pages

No. If you send it as a part of the page, the user can do whatever they want with it. Maybe look into sessions here to store the values? I assume they're specific to each user's request and that's a reason why they can't just be PHP variables/constants/functions strictly in the PHP script?

muppet77 Posted August 9, 2017

Yes they are specific to each user. The second php page then manipulates this data to get new values. These values are the ones I don't want the user to see. These new values are then passed to script three where the graph is drawn in phplot. Ideally I just want them to get the final graph without being able to see the POSTED data. You mention sessions....?

Sepodati Posted August 9, 2017

http://php.net/manual/en/intro.session.php

mac_gyver Posted August 9, 2017

> The second php page then manipulates this data to get new values. These values are the ones I don't want the user to see. These new values are then passed to script three where the graph is drawn in phplot.

the second page should also produce the plot. there's no need for a third page.

muppet77 Posted August 9, 2017

Thanks both. I will investigate what sessions are.

muppet77 Posted August 9, 2017

So this example by ranc - http://php.net/manual/en/session.examples.php

Is this what you mean? I'm not sure I follow how I'd use this.

muppet77 Posted August 9, 2017

Thanks for your patience with me!

Sepodati Posted August 9, 2017

Yeah, why can't you draw the graph on page 2? Honestly, if you want any more advice past this, you're going to need to start sharing code for each of the pages, so we can see what's really going on. Blank out your secret formulas, if necessary, but we have to see the flow clearly.

muppet77 Posted August 9, 2017

Thanks. I've read up on sessions and had a go in php, successfully getting a variable from one page to another. General question - can a variable in a session be viewed by a user at all if it is not echoed? Eg using Firebug or something to see what's happening behind the script? Thanks

Sepodati Posted August 9, 2017

> General question - can a variable in a session be viewed by a user at all if it is not echoed? Eg using Firebug or something to see what's happening behind the script?

No, the user only sees the reference to the data, something the server uses to identify where the real data is at for that user. The data only exists on the server.

EDIT: That said, it's not a "secure" place to store things. You could echo $_SESSION or something containing session values accidentally or leave up a test script that exposes it or have a PHP vulnerability that can expose it.

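Added example, not part of the thread or any poster's code: one way to follow the advice above, keeping the derived values in the session and sending the browser only an opaque reference. The file name graph.php, the form fields a and b, and the linear placeholder formula are assumptions; PHPlot is assumed to be installed as phplot.php.

```php
<?php
// Added example (not from the thread). graph.php handles both steps:
//   POST            -> compute derived values, keep them in the session
//   GET ?plot=<id>  -> draw the graph from the session copy
// The formula, field names and file name are hypothetical placeholders.
declare(strict_types=1);
require_once 'phplot.php';            // PHPlot library, assumed installed

session_start();

// Placeholder for the private calculation; it never leaves the server.
function derive_points(float $a, float $b): array
{
    $points = [];
    for ($x = 0; $x <= 10; $x++) {
        $points[] = ['', $x, $a * $x + $b];   // 'data-data' row: label, x, y
    }
    return $points;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Only the user's own inputs arrive by POST; validate them as numbers.
    $a = filter_input(INPUT_POST, 'a', FILTER_VALIDATE_FLOAT);
    $b = filter_input(INPUT_POST, 'b', FILTER_VALIDATE_FLOAT);
    if ($a === false || $a === null || $b === false || $b === null) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Weak pattern this replaces: echoing the derived values into
    // <input type="hidden"> fields, which the user can read and edit.
    $id = bin2hex(random_bytes(16));              // opaque reference only
    $_SESSION['plots'][$id] = derive_points($a, $b);
    echo '<img src="graph.php?plot=' . $id . '" alt="Result graph">';
    exit;
}

$id = $_GET['plot'] ?? '';
if (!is_string($id) || !isset($_SESSION['plots'][$id])) {
    http_response_code(404);
    exit('Unknown plot');
}
$plot = new PHPlot(800, 600);
$plot->SetDataType('data-data');
$plot->SetPlotType('lines');
$plot->SetDataValues($_SESSION['plots'][$id]);
$plot->DrawGraph();                               // sends the image to the browser
```

The browser only ever holds the session cookie and the plot id; the values can still be read approximately off the rendered graph itself.
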
cyberRobot Posted August 9, 2017

In case you're interested, the following page talks about session security

http://php.net/manual/en/features.session.security.management.php

muppet77 Posted August 9, 2017

Ah thanks. If the "secret equation" is kept secret or at least the data it generates, then this may be the ticket. Thanks all.

muppet77 Posted August 10, 2017

Right think I've done it. If I post a URL please could someone have a look to see what "hidden" info you can get at, if any? (Not sure if I can post urls)

This topic is now archived and is closed to further replies.