Netcasters Posted October 31, 2007 Share Posted October 31, 2007 I’m working on a Joomla component (don’t let that scare you) for forms. I’m trying to limit access to specific forms until the previous ones have been completed. I started by using a $_SESSION variable set at a specific point that each user must pass to go on. That worked marvelously. I’m trying to add a second step and the page is not being stopped. Here is my code as is (I’m very green at writing PHP, please be nice). if ( $_REQUEST['formid'] == 2 and $_SESSION['uccverified'] != 1) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } elseif ( $_REQUEST['formid'] == 2 and $_SESSION['uccverified'] = 1) { $_SESSION['uccverified'] = '2'; } elseif ( $_REQUEST['formid'] == 3 and $_SESSION['uccverified'] != 2) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } elseif ( $_REQUEST['formid'] == 3 and $_SESSION['uccverified'] = 2) { unset ($_SESSION['uccverified']); } The first checkpoint works. If you try to access formid=2 and you have not passed the checkpoint where the $_SESSION variable is set, you get automatically sent back to formid=1. If I try to browse to formid=3, however, I am not reverted back to formid=1. My deadline on this is about an hour. This was a last minute change for security measures and I need to get this going. Please help! Quote Link to comment Share on other sites More sharing options...
thebadbad Posted October 31, 2007 Share Posted October 31, 2007 Shouldn't it be "&&" instead of "and" in the if and elseif statements? EDIT: Sorry, just found out it's okay to use "and" Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 All of your "uccverified" have = 1 instead of == 1 Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 && has a higher precedence than AND, but it should work. Shouldn't it be "&&" instead of "and" in the if and elseif statements? Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 I've made both of those changes listed. The uccverified now gets set correctly, but I am still able to simply input formid=3 in my url and it takes me to form 3 rather than redirecting me to form 1. I really appreciate both of your lightning fast responses. Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 On the top of each page, you need to make sure you have the session_start() function and then check the verified variable and if it's not true, send them back to the first page. I've made both of those changes listed. The uccverified now gets set correctly, but I am still able to simply input formid=3 in my url and it takes me to form 3 rather than redirecting me to form 1. I really appreciate both of your lightning fast responses. Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 I've got the session_start() called up at the beginning of the files, which is why the check worked on the first 2 forms. The only problem I'm having is that the system is not stopping someone from direct-browsing to formid=3. That's the only part that's not working and if I had hair I'd have torn it out already because I simply can't figure out why. The code seems like it should work, logically. But like I said, I'm very green at PHP code. Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 Tell me what uccverified 0,1, & 2 means in your logic. Do you have this same elseif code on all three pages or just the main one? If just the main one, post the code on the other two pages that require verification and how you are checking it. Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 Here is the first checkpoint. When they input the UCC code, it must match one of 8 numbers. This is probably crude, but it works: function isUCC( $strInput ) { if ($strInput == '20046501023227' or $strInput == '10046501023220' or $strInput == '20046501025474' or $strInput == '10046501025477' or $strInput == '20046501025481' or $strInput == '10046501025484' or $strInput == '20046501025726' or $strInput == '10046501025729') { $_SESSION['uccverified'] = '1'; return true; } else { return false; } } This is only run in the form is looking for a validation. My second forms are not looking for validation, so this is only run once in the entire process. The information is then returned to the phpForm file where my code is listed. Here is the newest version of code: if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] !== 1) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } elseif ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = '2'; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] !== 2) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } My theory behind the uccverified is to just make it a check point for a value to allow the script to run. If it is equal to a specific value, it means that the previous checkpoint has been met and the user may go on. If the value was not set it means that the user was most likely trying to bypass steps and will therefore be sent back to the beginning. Does that make sense? Quote Link to comment Share on other sites More sharing options...
kratsg Posted October 31, 2007 Share Posted October 31, 2007 Hmm, I can easily shorten this. Don't need to quote numbers, unless you want them treated as strings. o_o True/False example: function isUCC( $strInput ) { if ($strInput == '20046501023227' or $strInput == '10046501023220' or $strInput == '20046501025474' or $strInput == '10046501025477' or $strInput == '20046501025481' or $strInput == '10046501025484' or $strInput == '20046501025726' or $strInput == '10046501025729') { $_SESSION['uccverified'] = 1; return true; } else { return false; } } Here is my re-write of if/else statements if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = 2; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } else { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } If formid is 2 and session is 1, set session to 2 and continue. Else if formid is 3 and session is 2, unset session. Else (all other cases), set session to 0 and redirect. Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 I was seeing why you required 3 uccverified settings (0,1,2). Lets just say $strInput = one of your values in your Function. You set $_SESSION['uccverified']='1' I assume 1 means verified for page 1, 2 means verified for page 2, and 3 for 3 and 0 for none So now the user is verified and they try to go to form1, form2 or form3. Each page requires their own unique setting so try not to check all the pages in every form, you only care about what it takes to get to that page. Form 1 requires $_SESSION['uccverified']='1', so just check that value on that form. Once the conditions on form1 are met, set $_SESSION['uccverified']='2'. Form 2 requires $_SESSION['uccverified']='2', so just check that value on that form, then do the same for 3. I think you are overcomplicating it, trying to check all 3 forms at the same time with the same code. Quote Link to comment Share on other sites More sharing options...
kratsg Posted October 31, 2007 Share Posted October 31, 2007 I was seeing why you required 3 uccverified settings (0,1,2). Lets just say $strInput = one of your values in your Function. You set $_SESSION['uccverified']='1' I assume 1 means verified for page 1, 2 means verified for page 2, and 3 for 3 and 0 for none So now the user is verified and they try to go to form1, form2 or form3. Each page requires their own unique setting so try not to check all the pages in every form, you only care about what it takes to get to that page. Form 1 requires $_SESSION['uccverified']='1', so just check that value on that form. Once the conditions on form1 are met, set $_SESSION['uccverified']='2'. Form 2 requires $_SESSION['uccverified']='2', so just check that value on that form, then do the same for 3. I think you are overcomplicating it, trying to check all 3 forms at the same time with the same code. Ehhh, he's probably using that as a check each time the form page is accessed. So that he just uses a switch($SESSIONVALUE) to echo out the form they need, etc... O_o It makes sense, ehh :-\ But maybe I'm interpreting it wrong. Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 I was seeing why you required 3 uccverified settings (0,1,2). Lets just say $strInput = one of your values in your Function. You set $_SESSION['uccverified']='1' I assume 1 means verified for page 1, 2 means verified for page 2, and 3 for 3 and 0 for none So now the user is verified and they try to go to form1, form2 or form3. Each page requires their own unique setting so try not to check all the pages in every form, you only care about what it takes to get to that page. Form 1 requires $_SESSION['uccverified']='1', so just check that value on that form. Once the conditions on form1 are met, set $_SESSION['uccverified']='2'. Form 2 requires $_SESSION['uccverified']='2', so just check that value on that form, then do the same for 3. I think you are overcomplicating it, trying to check all 3 forms at the same time with the same code. The problem is, because this is a component for Joomla, each form is built dynamically from a database. Each form runs through all the same files, which is why I needed to do a check on a single file for each form. Your way is much easier, but I don't see how it could be compatible with a component for a CMS. Quote Link to comment Share on other sites More sharing options...
revraz Posted October 31, 2007 Share Posted October 31, 2007 No problem, you prefaced your issue with don't let Joomla scare me, so I threw out ideas Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 Here is my re-write of if/else statements if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = 2; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } else { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } If formid is 2 and session is 1, set session to 2 and continue. Else if formid is 3 and session is 2, unset session. Else (all other cases), set session to 0 and redirect. This code creates a continuous loop directing the browser to formid=1. Hence: Firefox has detected that the server is redirecting the request for this address in a way that will never complete. Quote Link to comment Share on other sites More sharing options...
kratsg Posted October 31, 2007 Share Posted October 31, 2007 OOPS! Forgot this was stupid Joomla xD Add this one line for fix NEWLY UPDATED if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = 2; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } elseif ($_REQUEST['formid'] == 1 && $_SESSION['uccverified'] == 0){ exit; } else { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } } Had to add the first formid as the final check o_o Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 OOPS! Forgot this was stupid Joomla xD Add this one line for fix NEWLY UPDATED if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = 2; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } elseif ($_REQUEST['formid'] == 1 && $_SESSION['uccverified'] == 0){ exit; } else { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } } Had to add the first formid as the final check o_o blank page now. I've tried to redesign the code using switch(), but I'm still coming up with the same issue, which is becoming totally disheartening. Here's my new code: if (!isset ($_SESSION['uccverified'])) { $_SESSION['uccverified'] = 0; } $uccverified = $_SESSION['uccverified']; switch( $uccverified ) { case "0": if ( $_REQUEST['formid'] != 1 ) { header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 2 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 3 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } break; case "1": if ( $_REQUEST['formid'] == 1 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 3 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 2 ) { $_SESSION['uccverified'] = 2; } break; case "2": if ( $_REQUEST['formid'] == 1 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 2 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 3 ) { $_SESSION['uccverified'] = 0; } break; } Have I missed something? I put in a print_r ($_SESSION['uccverified']; and I get the right printout, except when I browse directly to formid=3, then the value is getting unset, because nothing shows up. I can't find anywhere that I'm unsetting it. Quote Link to comment Share on other sites More sharing options...
Netcasters Posted October 31, 2007 Author Share Posted October 31, 2007 Well, I moved the code I just wrote from a file in the component to my index.php file and it seems to work. It's not perfect as it sets the uccverified bit to 2 before the submit button is pressed. Quote Link to comment Share on other sites More sharing options...
revraz Posted November 1, 2007 Share Posted November 1, 2007 Your first IF is still incorrect: if ( $_REQUEST['formid'] != 1 ) should be == Quote Link to comment Share on other sites More sharing options...
kratsg Posted November 1, 2007 Share Posted November 1, 2007 You've got a bug with your other php script then.. just tested it myself on a fake script... if ( $_REQUEST['formid'] == 2 && $_SESSION['uccverified'] == 1) { $_SESSION['uccverified'] = 2; } elseif ( $_REQUEST['formid'] == 3 && $_SESSION['uccverified'] == 2) { unset ($_SESSION['uccverified']); } elseif ($_REQUEST['formid'] == 1 && $_SESSION['uccverified'] == 0){ return true; } else { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1"); exit; } } Ran it through with sessions, the re-direct works, it shows what it needs to show correctly... Double check O_O Quote Link to comment Share on other sites More sharing options...
Netcasters Posted November 1, 2007 Author Share Posted November 1, 2007 I have fixed my problem. I placed the following code in my index.php file: if (!isset ($_SESSION['uccverified'])) { $_SESSION['uccverified'] = 0; } $uccverified = $_SESSION['uccverified']; switch( $uccverified ) { case "0": if ( $_REQUEST['formid'] == 2 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 3 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } break; case "1": if ( $_REQUEST['formid'] == 1 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } elseif ( $_REQUEST['formid'] == 3 && $_REQUEST['form2complete'] !== 1 ) { $_SESSION['uccverified'] = 0; header ("Location: http://www.floracraft.com/index.php?option=com_performs&formid=1&Itemid=33" ); exit; } break; } Then once the second form is completed, the link to the third location includes in the url form2complete=1. Therefore you can't view the third form without submitting the information on the second form, and you can't view the second form without verifying the first. Thanks for all your help! I'm a little less green now. Quote Link to comment Share on other sites More sharing options...
revraz Posted November 1, 2007 Share Posted November 1, 2007 Nice job Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.