1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:39 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Form problem

         

kkonline

3:46 am on Aug 22, 2007 (gmt 0)

10+ Year Member



Ya i missed one curly bracket closing i have corrected it, but to whatever i post it just prints wrong data on the test localhost server and blank page on actual server.

The corrected code is [php]<?php
require_once('clean.inc.php');
session_start();

if (!isset($_SESSION['token']))
{
session_regenerate_id();
$_SESSION['token'] = true;
}//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{//token is correct
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 5)
{//token correct but timeout
echo "Sorry Timeout!";
exit;
}
if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] )
{
// correct security code, now validate nameand other field
if(isset($_POST['name']))//name field is set
{
$n = $_POST['name'];
if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
{
$name=clean($_POST['name']);
echo $name;
}
else {
// $n is not valid
echo "Hoptic recommends you to fill your name properly.";
}
}
else {
//name not set
echo "Hoptic detected that you left the name field blank.";
}
}
else {
// security code is invalid
echo "Hoptic detected that you filled the wrong code";
exit; }
}
else
{//token is correct
echo "Wrong data!";
exit;
}

?>[/php]

kkonline

4:51 am on Aug 22, 2007 (gmt 0)

10+ Year Member



I removed the usage of clean function and directly wrote [php] $name = trim($_POST['name']);
$name = mysql_real_escape_string($_POST['name']);[/php]

Now to whatever i submit i prints "wrong data"
The current code code is
[php]<?php
session_start();

if (!isset($_SESSION['token']))
{
session_regenerate_id();
$_SESSION['token'] = true;
}//check for token

if (isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
{//token is correct
$token_age = time() - $_SESSION['token_time'];
if ($token_age >= 5)
{//token correct but timeout
echo "Sorry Timeout!";
exit;
}
if(isset($_POST['secCode']) && isset($_SESSION['secCode']) && $_POST['secCode'] == $_SESSION['secCode'] )
{
// correct security code, now validate nameand other field
if(isset($_POST['name']))//name field is set
{
$n = $_POST['name'];
if (strlen($n) > 0 && strlen($n) < 31 && preg_match("/^[a-zA-Z'-]+$/", $n)) //valid and sql friendly name now in $name
{
$name = trim($_POST['name']);
$name = mysql_real_escape_string($_POST['name']);
echo $name;
}
else {
// $n is not valid
echo "Hoptic recommends you to fill your name properly.";
}
}
else {
//name not set
echo "Hoptic detected that you left the name field blank.";
}
}
else {
// security code is invalid
echo "Hoptic detected that you filled the wrong code";
exit; }
}
else
{
echo "Wrong data!";
exit;
}

?>[/php]

kkonline

5:19 am on Aug 22, 2007 (gmt 0)

10+ Year Member



My fault... a very silly one, i forgot to send the token from index.php . But that's how newbies learn, don't they?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 4:39 am May 2, 2026