[SOLVED] session problem

[SirChick]

I have a session issue with my scripts... i put sessions on pages like this:

 

$_SESSION['referer'] = $_SERVER['SCRIPT_NAME'];

  this is in estateagents.php

 

 

stop people clicking urls like /process.php

 

which would cause the process to run when accessed so i decided to put this in my process page :

 

if (isset($_POST['SellHouse']) && $_SESSION['referer'] == 'estateagents.php'){
do code}else{
$_SESSION['referer'] = 'invalid';
header("location: estateagents.php");
}

 

 

but it is not working .. it just headers every time rather than doing the code..

[pocobueno1388]

Are you calling session_start() at the top of each page?

[aschk]

Well, is

 

isset($_POST['SellHouse'])

 

true ?

 

And what does $_SESSION['referer'] equal when process.php is run? How about you echo it out and found out (comment out the header so you don't redirect...)

[SirChick]

it equals estateagents.php

and the $_POST['SellHouse']

 

is from this line :

 

<input type="submit" id="Button10" name="SellHouse" value="Sell my house!" style="position:absolute;left:250px;top:150px;width:142px;height:24px;z-index:13">
</form>

 

 

so it must be set otherwise it would'nt redirect...

[aschk]

The reason your code is redirecting is because one of these two is NOT true (i.e. false), you work out which

 

1) isset($_POST['SellHouse']))

2) $_SESSION['referer'] == 'estateagents.php'

[SirChick]

but isset is working otherwise how is it going to the process page in the first place when i press the submit button and when i echo session is doesnt equal the php check.. .lol

[aschk]

How about you modify your code slightly for a minute and see. Change it to this :

if (true && $_SESSION['referer'] == 'estateagents.php'){
   echo "OMG, both my tests evaluated to true";
}else{
  // Redirect another page.
  $_SESSION['referer'] = 'invalid';
  header("location: estateagents.php");
}

 

I think you'll find that may well work.

 

[aschk]

What you're trying to stop is someone just typing the URL directly into their browser right?

 

So if they type it into their browser answer me these questions :

 

1) Are they performing a POST action?

2) If they are what does isset($_POST['SellHouse']) equal?

3) If they are NOT what does isset($_POST['SellHouse']) equal?

4) What is FALSE && TRUE?

5) What is FALSE && FALSE?

6) What is TRUE && TRUE?

[SirChick]

true and true = do the form processing .. else header away from it.

 

you hit the nail on the head with what im trying to do.

 

Basically say the url was changed to process.php

and the session had not been set yet then that suggests the user skipped the form data input..

 

 

i tested it by actually doing the form and hitting submit and it headers away when it should not.

the form is post.

 

Just tried this :

if (true && $_SESSION['referer'] == '/estateagents.php'){

 

i tried it with a / and with out the / encase it carried that with it but the echo didn't show... which suggests the session is not being created... but i don't see why as the session creation is right at the bottom of my form page outside of all the ifs etc

 

how ever when i echo this $_SESSION['referer'] = $_SERVER['SCRIPT_NAME']; it definitely shows /estateagents.php

 

just for extra prove encase im wrong here i provided a print screen of my page source:

 

 

[attachment deleted by admin]

[SirChick]

anyone?

[revraz]

Seems easier to me if you just set a $_SESSION['variable'] after they go to your first form and check it on the 2nd and only allow it if it's set.

[SirChick]

yeh i think i will have to do that.... ok well thanks for helping anyway guys, much appreciated!

[Backu]

I had an issue once using if( this && that ), couldn't get anything to work right, ended up trying to encase both in ()'s ie:

if( (this) && (that) )

was the only thing I could do to get both to evaluate properly. I can only suggest trying, cause it may just have been the way I had everything set up.

 

-Backu Zethara