Saturday 15 May 2010

php - Session/Cookie Issue?




I am having a bit of difficulty with form tokens. I have a global file that I require at the top of my controllers.

    /*
     *----------------------------------------------
     * verify form tokens
     *----------------------------------------------
     */
    if ($_POST) {
        // define and sanitize
        $formtoken = $sanitize->input($utilities->getvar('formtoken', 'session'));
        $authenticitytoken = $sanitize->input($utilities->getvar('authenticitytoken'));

        // validate
        if ($authenticitytoken !== $formtoken) {
            $errors[] = 'There was a token mismatch error submitting the form. Please try again.';
        }
    }

    // generate form token
    $formtoken = $forms->token();
    $_SESSION['formtoken'] = $formtoken;

When echoing the vars out right after being declared, they match. When I check the DB (I save sessions in the DB), every DB refresh displays a new formtoken saved. I call $forms->token(); from the class only once; it looks like this:

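    class forms {

        public function __construct() {}

        function token() {
            $characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
            $token = '';
            // build 60 random characters, then keep a shuffled 32-character slice
            // (rand() and str_shuffle() are not cryptographically secure generators)
            for ($i = 0; $i < 60; $i++) {
                $token .= $characters[ rand( 0, strlen( $characters ) - 1 ) ];
            }
            $hash = substr(str_shuffle($token), 0, 32);
            return $hash;
        }
    }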

I have been working on this issue for a while now and am confused why it occurs. I am using mod_rewrite in my .htaccess file. I read that rewrites impact sessions, but other session info is OK (session login info etc.); it is these tokens that are giving me a hard time.

I think you need to wrap an else around the generate token part. As you have it, it looks for the token, then creates a new one each time.

    if ($_POST) {
        // define and sanitize
        $formtoken = $sanitize->input($utilities->getvar('formtoken', 'session'));
        $authenticitytoken = $sanitize->input($utilities->getvar('authenticitytoken'));

        // validate
        if ($authenticitytoken !== $formtoken) {
            $errors[] = 'There was a token mismatch error submitting the form. Please try again.';
            // Update: maybe set here too:
            $formtoken = $forms->token();
            $_SESSION['formtoken'] = $formtoken;
        }
    } else {
        //---- putting this in the else so it is not done again on post --------
        // generate form token
        $formtoken = $forms->token();
        $_SESSION['formtoken'] = $formtoken;
    }
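The token lifecycle discussed above, as an added example that is not code from the question or the answer. The function names `issueToken` and `verifyToken` are hypothetical, and the `$session` and `$post` arrays are stand-ins for `$_SESSION` and `$_POST` so the flow runs from the PHP 7+ CLI. It goes beyond the answer by issuing a token only when none is stored (so a second page load before submit does not replace it), drawing the token from `random_bytes()`, and comparing with `hash_equals()`.

```php
<?php
// Added example: $session stands in for $_SESSION, $post for $_POST.

function issueToken(array &$session): string
{
    // Reuse the stored token; create one only when none exists yet.
    if (empty($session['formtoken'])) {
        // 16 bytes from the OS CSPRNG, hex-encoded to 32 characters.
        $session['formtoken'] = bin2hex(random_bytes(16));
    }
    return $session['formtoken'];
}

function verifyToken(array &$session, array $post): bool
{
    $expected = $session['formtoken'] ?? '';
    $supplied = $post['authenticitytoken'] ?? '';

    // Reject missing or non-string input, then compare in constant time.
    $ok = is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied);

    // Rotate after every attempt, pass or fail, so a token is single-use.
    unset($session['formtoken']);
    return $ok;
}

// Constructed request sequence for one visitor.
$session = [];

$shown = issueToken($session);   // first GET: token embedded in the form
$again = issueToken($session);   // second GET before the submit
printf("token stable across GETs: %s\n", var_export($shown === $again, true));

$first  = verifyToken($session, ['authenticitytoken' => $shown]);
$replay = verifyToken($session, ['authenticitytoken' => $shown]); // same token resubmitted
printf("first submit: %s\n", var_export($first, true));
printf("replayed submit: %s\n", var_export($replay, true));

$fresh = issueToken($session);   // next page load gets a new token
$wrong = verifyToken($session, ['authenticitytoken' => str_repeat('0', 32)]);
printf("new token differs: %s\n", var_export($fresh !== $shown, true));
printf("wrong token submit: %s\n", var_export($wrong, true));
```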

php .htaccess session mod-rewrite cookies
