<?php
session_start();
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>
<form action="post.php" method="post">
<input type="hidden" name="token" value="<?php echo $token;?>" />
<p>
Symbol: <input type="text" name="symbol" /><br />
Shares: <input type="text" name="shares" /><br />
<input type="submit" value="Buy" />
</p>
</form>
and the post.php contains
<?php
if ($_POST['token']== $_SESSION['token']) {
echo "Valid data!";
exit;
}
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 60) {
// time limit can be set here as number instead
// of LOGIN_TIME_LIMIT define, such as 60*10
echo "Timeup!";
exit;
}?>
This part takes the time here:
$_SESSION['token_time'] = time();
By the time you fill in the form and submit it, $token_age has a difference of more than 60.
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 60) {
What do you want the difference in the time for?
Habtom
I made some changes to post.php (the code is below), but it still does not go into the valid data loop; it prints "Timeup!" on pressing the submit button and does not show any value for echo $_SESSION['token_time'];
However, if I go DIRECTLY to post.php it says "Valid data!"
It's behaving in just the opposite way to what I expect.
Revised Code
<?php
session_start();
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
$_SESSION['token_time'] = time();
?>
<form action="post.php" method="post">
<input type="hidden" name="token" value="<?php echo $token;?>" />
<p>
Symbol: <input type="text" name="symbol" /><br />
Shares: <input type="text" name="shares" /><br />
<input type="submit" value="Buy" />
</p>
</form>
post.php contains the following content
<?php
if ($_POST['token']== $_SESSION['token']) {
echo "Valid data!";
exit;
}
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 600) {
// time limit can be set here as number instead
// of LOGIN_TIME_LIMIT define, such as 60*10
echo $_SESSION['token_time'];
echo "Timeup!";
exit;
}
?>
I can't figure out its behaviour, as this is very simple code. Please help with simulating its behaviour.
[edited by: kkonline at 2:04 pm (utc) on Aug. 18, 2007]
<?php
session_start();
if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{
    $token_age = time() - $_SESSION['token_time'];
    if ($token_age >= 5)
    {
        echo "Timeup!";
        exit;
    }
    echo "Valid data!";
    exit;
}
else
{
    echo "Wrong data!";
    exit;
}
?>
When submitted from some other site, it now shows Wrong data, as it should.
When posted from the correct site within time, it shows Valid data; if the data is correct but the time is up, it shows Timeup!
Perfect! Thanks
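
An added example, not code posted in this thread: the token check from the last post, hardened with a CSPRNG token, an explicit guard for the unset-session case described above, a constant-time comparison and single-use tokens. The helper names `csrf_issue()` and `csrf_check()` and the 600-second limit are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example (not code from the thread). csrf_issue()/csrf_check() are
// hypothetical helpers; they take the session and POST arrays as parameters
// so the logic can be run from the CLI without a web server.

const TOKEN_MAX_AGE = 600; // seconds; assumed limit (the thread tried 60, 600 and 5)

function csrf_issue(array &$session, int $now): string
{
    // random_bytes() is a CSPRNG, unlike md5(uniqid(rand(), TRUE)).
    $session['token'] = bin2hex(random_bytes(32));
    $session['token_time'] = $now;
    return $session['token'];
}

function csrf_check(array $post, array &$session, int $now): string
{
    $sent   = $post['token'] ?? null;
    $stored = $session['token'] ?? null;
    $issued = $session['token_time'] ?? null;

    // Without session_start() (or with no token issued) both sides are unset;
    // a bare == then compares null with null and accepts the request.
    if (!is_string($sent) || !is_string($stored) || !is_int($issued)) {
        return 'Wrong data!';
    }
    // Constant-time comparison; also avoids loose-comparison type juggling.
    if (!hash_equals($stored, $sent)) {
        return 'Wrong data!';
    }
    // Single use: drop the token once it has matched, expired or not.
    unset($session['token'], $session['token_time']);

    return ($now - $issued >= TOKEN_MAX_AGE) ? 'Timeup!' : 'Valid data!';
}

// Constructed demonstration: plain arrays stand in for $_SESSION and $_POST.
$session = [];
$empty   = [];
echo csrf_check([], $empty, 1000), "\n";                      // direct hit, no session
$token = csrf_issue($session, 1000);
echo csrf_check(['token' => 'forged'], $session, 1010), "\n"; // wrong token
echo csrf_check(['token' => $token], $session, 1010), "\n";   // correct token, in time
echo csrf_check(['token' => $token], $session, 1020), "\n";   // same token replayed
$token = csrf_issue($session, 2000);
echo csrf_check(['token' => $token], $session, 2600), "\n";   // correct token, too old
```

In a real post.php the call would be `csrf_check($_POST, $_SESSION, time())`, placed after `session_start()`.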