Posted by Schraalhans Keukenmeester on 08/23/06 11:19

Rik wrote:
> Schraalhans Keukenmeester wrote:
>> I am stomped with the following problem:
>>
>> I have a script start.php and a second script proceed.php
>>
>> Relevant (and working) sections of the code:
>>
>> start.php
>>
>> <?PHP
>> start_session();
>> // this string will later be used to check if
>> // proceed.php was invoked via the form below
>> $verif_str="abcdefg";
>> $name_str="hijklmn";
>> // Store these vars in the SESSION array.
>> $_SESSION['vstr']=$verif_str;
>> $_SESSION['nstr']=$name_str;
>> // output the form (in real case with correct html surrounding
>> // the form, doctype, header, body tags, all that)
>> echo"
>> <form action='proceed.php' method='POST'>
>> <input type='text' name='field_01' />
>> <input type='text' name='field_02' />
>> <input type='hidden' name='check' value='$verif_str' />
>> <input type='submit' />
>> </form>";
>> proceed.php
>>
>> <?PHP
>> start_session();
>> // read back session vars
>> $verif_str=$_SESSION['vstr'];
>> $name_str=$_SESSION['nstr'];
>> // read back hidden form var and regular fields
>> $check_str=$_POST['check'];
>> $field01=$_POST['field01'];
>> $field02=$_POST['field02'];
>> // are these strings equal ? If not, stop processing.
>> if ($verif_str != $check_str)
>> exit ('Verification code incorrect');
>> // Strings match, so open logfile, exit if this fails.
>> $fp = @fopen('transaction.log','a');
>> if ($fp===false)
>> exit ('Could not open file. Aborting.');
>> // write contents, for brevity additional error-checking is
>> // omitted here. This exists in the actual code.
>> fwrite($fp,"==============\n");
>> fwrite($fp,"Verification string:".$verif_str."\n");
>> fwrite($fp,"Name string:".$name_str."\n");
>> fwrite($fp,$field01."\n");
>> fwrite($fp,$field02."\n");
>> fclose($fp);
>> // rest of code, irrelevant to my issue
>> The problem:
>>
[snip]

> I don't really see anything wrong with your code. Have you been able to
> check with ths users experiencing problems:
> - What value the $_SESSION variable was?
> - Wether they've disabled cookies?
> - What happens if you just test wether a session works for them at all atm?
>
1. I have (alas) not recorded the session variable itself in the logs
2 I have not been able to check (sofar) whether or not these users have
cookies disabled/enabled. I gather from your question cookies are a MUST
with sessions? No alternatives? At least one of them (them being the
users, not the sessions) is imho way too ignorant to even be able to
disable cookies let alone know why she would/should, leading me to
believe she has everything enabled and wide open on her box. Is it
feasible some popular firewall-like thingy blocks cookies?

3. The problem seems to recur every now and then. Most -if not all- HAVE
been able to use the form properly in the past, just suddenly they bump
into trouble, and once they do, each consecutive run immediately
following their first failed attempt shows the same loss of data.
All form data is utterly standard, just alphanumerical, no weirdly
formatted or otherwise dubious/suspect entries.

(In fact we are talking about a captcha script, displaying an image of 5
alphanumeric chars, the other half of the 'key' being parsed via the
session, the key itself via the form, and then reassembled and checked
in the proceed script)

Thanks sofar Rik! How rude would we be if we continued this in Dutch ? GRIN.

Sh.

[Back to original message]