Hi,
I have basically created two functions in a file called functions.php. They are as follows:
    # Form Token Hash Generator (must be declared after if statement)
    function GenerateFormTokenHash(){
        $token = $_SESSION['token'] = md5(uniqid(mt_rand(), true));
        return $token;
    }

    # Form Token Hash Validator
    function IsValidFormTokenHash(){
        return $_POST['token'] == $_SESSION['token'];
    }
The first function creates a random token and stores it in the session token, and it is assigned to a variable $token for use later on other forms on the site, which works fine locally, as I can see the token in the session file on my local computer.
The second function basically checks the hidden field named token against the $_SESSION.
Now they seem fine to me, I believe; I must admit functions confuse me, to say the least.
My test form is just this (note this is not my full test page, but so you know, functions.php is included as an include on the webpage, just not shown below):
    <?php
    # Has form been submitted ?
    if(isset($_POST['submit'])){
        # Now form has been submitted compare token value
        if(isset($_SESSION['token']) && IsValidFormTokenHash()){
            # Everything is ok so do processing etc here
            $name = $_POST['name'];
            $email = $_POST['email'];
            echo "FORM SENT!";
            exit;
        } else { # mmm, seems fishy to me; TELL THEM!
            echo 'YOU ARE TAMPERING WITH THIS FORM';
            exit;
        }
    }
    # Generate token hash
    GenerateFormTokenHash();
    ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
    Name: <input type="text" name="name" /> <br />
    Email: <input type="text" name="email" /> <br />
    <input type="hidden" name="token" value="<?php echo $token; ?>" />
    <input type="submit" name="submit" value="Send" />
    </form>
Now the problem I am having is that although I assigned the random string to $token/$_SESSION, and in the hidden field I got it to echo $token, the hidden field value is empty. If I type $_SESSION in the hidden field it works, but the reason for using a variable $token is so I can change it from one file if I alter parts of the function later on.
Can someone tell me what I am doing wrong? It is probably something stupid, but functions confuse me so I am not sure what is not right. Basically the hidden form input token has no value although I am echoing $token, which is confusing me, as $_SESSION, which stores the random string, was assigned to $token and in the function I placed return before it.
Thanks,
PHPLOVER
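
The page described in the post, as an added example that is not part of the original post: it keeps the poster's function names and form, captures the function's return value so the page has its own $token, and hardens token generation and comparison. It assumes PHP 7 or later and that the whole page lives in one file.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ and a web request.
declare(strict_types=1);
session_start();

// Create a token, keep a copy in the session and return it to the caller.
function GenerateFormTokenHash(): string
{
    // random_bytes() is a CSPRNG; mt_rand() and uniqid() are not.
    $_SESSION['token'] = bin2hex(random_bytes(32));
    return $_SESSION['token'];
}

// Check the submitted token against the session copy. Each token is single use.
function IsValidFormTokenHash(): bool
{
    $expected  = $_SESSION['token'] ?? '';
    $submitted = $_POST['token'] ?? '';
    unset($_SESSION['token']);
    if (!is_string($expected) || $expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if (isset($_POST['submit'])) {
    if (IsValidFormTokenHash()) {
        echo 'FORM SENT!';
    } else {
        http_response_code(400);
        echo 'Invalid or expired form token.';
    }
    exit;
}

// $token inside GenerateFormTokenHash() is local to that function, so the
// page must capture the return value to have a $token of its own.
$token = GenerateFormTokenHash();
?>
<form method="post" action="">
  Name: <input type="text" name="name" /> <br />
  Email: <input type="text" name="email" /> <br />
  <input type="hidden" name="token"
         value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>" />
  <input type="submit" name="submit" value="Send" />
</form>
```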