Breedlove: php - Session/Cookie Issue? -

Saturday 15 May 2010

php - Session/Cookie Issue? -

i having bit of difficulty form tokens. have global file require @ top of of controllers.

/*  *----------------------------------------------  *  verify form tokens  *----------------------------------------------  */     if ($_post) {     // define , sanitize     $formtoken           = $sanitize->input($utilities->getvar('formtoken', 'session'));     $authenticitytoken   = $sanitize->input($utilities->getvar('authenticitytoken'));      // validate     if ($authenticitytoken !== $formtoken) {            $errors[] = 'there token mismatch error submitting form. please  seek again.';          } }    // generate form token $formtoken =  $forms->token(); $_session['formtoken'] = $formtoken;

when echo'ing vars out right after beingness declared match. when check db ( save sessions db ) every db refresh displays new formtoken saved. phone call $forms->token(); class 1 time looks like

class forms {     public __construct(){}     function token() {         $characters = 'abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789';         $token      = '';          ($i = 0; $i < 60; $i++) {       $token .= $characters[ rand( 0, strlen( $characters ) - 1 ) ];       }          $hash       = substr(str_shuffle($token), 0, 32);           homecoming $hash;      } }

i have been working on issue while now, confused why occurs. using mod_rewrite in .htaccess file. read rewrites impact sessions other session info ok ( session login info etc. ) these tokens giving me hard time.

i think need wrap else around generate token. have it, looks token, create new 1 each time.

if ($_post)  {     // define , sanitize     $formtoken           = $sanitize->input($utilities->getvar('formtoken', 'session'));     $authenticitytoken   = $sanitize->input($utilities->getvar('authenticitytoken'));      // validate     if ($authenticitytoken !== $formtoken)     {            $errors[] = 'there token mismatch error submitting form. please  seek again.';         //update: maybe  set here too:         $formtoken =  $forms->token();         $_session['formtoken'] = $formtoken;     } }   else {    //----putting in else not done   1 time again on post--------    // generate form token    $formtoken =  $forms->token();    $_session['formtoken'] = $formtoken; }

php .htaccess session mod-rewrite cookies

Breedlove

Saturday 15 May 2010

php - Session/Cookie Issue? -

No comments:

Post a Comment