//Check against CSRF here
            $key = md5(uniqid(rand(), TRUE));
            //$key = "234"; //using this works but not the idea
            $_SESSION['key'] = $key;


//form
<form method="post" action="<?php echo HTTPF; ?>/complete_reg">
        <p>
            <label>
                <b>Email address:</b><br />
                <input type="text" id="user_email" name="user_email" value="" class="register_email" onblur='$("#checkid").html("Please wait..."); $.get("er_checkuser.php",{ cmd: "check", check_key: $("#check_key").val(), user: $("#user_email").val() } ,function(data){  $("#checkid").html(data); });' />
            </label>
            <input type="hidden" id="check_key" name="check_key" value="<?php echo $key; ?>" />
            <span style="color:red; font: bold 12px verdana; " id="checkid" ></span>

        </p>

//calling page
//er_checkuser.php
foreach($_GET as $key => $value) {
    $get[$key] = filter($value);
}

//For some reason I don't know why the values are not the same, but they should be
if ($get['check_key'] == $_SESSION['key'])

{

    echo $_SESSION['key'];
    echo "<br>";
    echo $get['check_key'];
}
  • I can't see session_start() anywhere... Commented Jul 15, 2011 at 22:14
  • There is session_start() at the beginning of the pages (not shown) Commented Jul 16, 2011 at 10:59

3 Answers


Ah I think I know where the problem is: you create a new key on every page reload. So you also create a new key when submitting the form.

What you should do is:

if (!isset($_GET['check_key'])) {
    $key = md5(uniqid(rand(), TRUE));
    $_SESSION['key'] = $key;
}

1 Comment

When I do this, $get['check_key'] doesn't have a value at the calling page.

Do you call session_start() before using the $_SESSION array?

1 Comment

Make sure you call session_start(); on each page that is going to use the $_SESSION variable.

You should call session_start() at the top of your PHP script or else it won't work.

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

Maybe you can watch this video from nettuts to learn how to create login system, which uses sessions.
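
The fix the answers above describe, as an added example that is not from any of the posters: issue the token once per session and compare it with hash_equals() on the page that receives check_key. The function names csrf_token() and csrf_valid() are hypothetical, random_bytes() is swapped in for the question's md5(uniqid(rand(), TRUE)), and a plain array stands in for $_SESSION so the script runs from the CLI.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Return the session's CSRF token, creating it only if none exists yet.
// Regenerating it on every request (as in the question) replaces the
// value that was already embedded in the rendered form.
function csrf_token(array &$session): string
{
    if (empty($session['key'])) {
        // CSPRNG output instead of md5(uniqid(rand(), TRUE))
        $session['key'] = bin2hex(random_bytes(32));
    }
    return $session['key'];
}

// Constant-time comparison that also handles a missing or non-string
// check_key parameter without raising a notice.
function csrf_valid(array $session, $submitted): bool
{
    return isset($session['key'])
        && is_string($submitted)
        && hash_equals($session['key'], $submitted);
}

// Constructed walk-through. In the real pages, call session_start()
// first on BOTH the form page and er_checkuser.php, then pass $_SESSION.
$session = [];

$formToken = csrf_token($session);   // form page: value for the hidden check_key field
$again     = csrf_token($session);   // a later load of the form page
var_dump($formToken === $again);     // the token is reused, not reissued

var_dump(csrf_valid($session, $formToken)); // AJAX call sending the form's token
var_dump(csrf_valid($session, 'forged'));   // a value that was never issued
var_dump(csrf_valid($session, null));       // check_key absent from the request

// What the question's code does: overwrite the key on each page load.
$session['key'] = md5(uniqid(rand(), true));
var_dump(csrf_valid($session, $formToken)); // the form still holds the old token
```

In the form page the hidden field would then be rendered with `csrf_token($_SESSION)`, and er_checkuser.php would call `csrf_valid($_SESSION, $_GET['check_key'] ?? null)` without ever generating a key itself.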
