Power By 专否社区

Trying to send data between PHP pages; Post/cURL not working and Sessions getting messy

Go To StackoverFlow.com

1

I recently asked this question Posting data with curl - actually refreshing to the next page but I soon realized that the solution wasn't exactly great...

So I'm passing data between PHP pages in several places. Here's my current problem:

I rely on cookies so I check at the top of each page if cookies have been enabled:

session_start();
if (!isset($_COOKIE['PHPSESSID'])) {
    if ($_GET['rd'] == '1') {
        header('Location: *redirect url*');
    } else {
        *refresh the page, setting 'rd' to '1'*
    }
}

However, since this is a 'header' on each page, it needs to be generic. For example, any post or get data sent to it (from another page, or a form) should be sent to the redirected page.

Get is easy because I can include it in the url, but I've been having problems with Post.

I started with cURL to send Post data to the next page, but I realized that it wasn't actually going to the page

$ch = curl_init($some_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'myvar=something');
curl_exec($ch);
curl_close($ch);$ch = curl_init($some_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'myvar=something');
curl_exec($ch);
curl_close($ch);

cURL doesn't load $url afterwards; it returns it

So I was advised to use Sessions, and I soon realized that it wasn't such a great solution;

  1. When redirecting, if I set the Post data to the Session variable (store the data), then each page that uses Post data needs to check if the data is in Post or Session.
  2. It's not efficient - I'm sending data between two pages, not necessarily information about the session.

In regard to number 2, I set another session variable to tell the following page if the Post data has been moved to Session. However, each time I have to reset that variable, and it just makes things complicated and untidy.

The Example: I have a registration page that sends the form data to the validation page. Both of these has the header to check if cookies are enabled.

Post data is sent to the validation page, and if there is a problem, I can't post data back to the validation page (telling the user what were the problems), I've got to set a session variable with the registration errors. And each time, I've got to unset the registration errors variable.

Right now I don't think I need cookies on the validation page, but I don't want any loopholes and I don't know what I will add later.

Back to the problem

  1. I need to check if cookies are enabled on each page.
  2. I don't know if my current application is the most efficient way (redirecting); it's certainly caused a lot of problems
  3. If anyone can tell me how to check cookies without redirecting (and doesn't conflict with anything else), that's as good as a solution
  4. I don't want to rely on javascript or hidden forms; I want to be in control of the experience
  5. I need to send data between two pages efficiently. Not fond of sessions for certain applications because I need to set and unset the variable each page.

I know it's a big task, but if anyone could help it'd be greatly appreciated!

2012-04-05 18:23
by Raekye
what, in more exact terms, are you trying to do? why "send data between two pages"? The user is going to travel between pages, and you need each page to know that data that was on the other one? Is this just for form completion, or are you doing something more sophisticated - Aerik 2012-04-05 18:28
Lets say I have two pages: one form and another validation. The form sends post data via a form, and the other one checks for errors. If there are errors, the errors have to be sent back to the form to display them. I could use sessions, but the data is ment just for 1 page and each time Im sending data between two pages Id have to set and unset the session variables. In this example itd work if I put the two pages together, but there are other cases; most significantly checking for cookies and keeping post data - read my post at the bottom it explains my main issu - Raekye 2012-04-06 15:15

1

If all the intermediary page is doing is validating form data, scrap it; just do it in the same PHP script. At the simplest, you can have:

<?php
    $yourkey = 'goeshere';
    if (!isset($_COOKIE[$yourkey])) {
        setcookie($yourkey, $value, $expires);
    }

    if (isset($_POST['submit'])) {
        $errors = array();
        // do validation here
        // iterate over your fields and add any errors to $errors array
        if (empty($errors)) {
            // redirect if there are no errors, if you really need to
            header('Location: success.php');
            exit;
        }
    }
?>
<html>
  <body>
    <form method="post" action="">
      <label for="name">Your name:</label>
      <input type="text" name="name" value="<?php echo isset($_POST['name']) ? $_POST['name'] : ''; ?>" id="name" />
      <input type="submit" name="submit" value="Submit" />
    </form>
  </body>
</html>

There is an XSS vulnerability echoing POST data in your HTML page, but I'll leave that up to you to secure.

2012-04-05 19:13
by Martin Bean
This doesn't actually solve the original problem but I'll take your suggestion. My main problem is, there's code that checks if a cookie has been set (ie cookies enabled). If not, it tries to set one and redirects to the same page. I mean, technically the first time a user goes to my site, it should be on some generic page like "registration.php", but I'm trying to make it scalable so that if for some reason the cookie is lost between a validation page, the post data will still be preserved during the redirect. I know it's complicated and don't think I'm explaining it the best way.. - Raekye 2012-04-05 21:26
@Raeki You do realise you can do this on the same page; you don't need to redirect? You can check for a cookie and set it in the PHP block above your HTML, like I did in my example. Just place your code for the cookie above the form validation - Martin Bean 2012-04-06 11:08
I spent a week on that; the cookie doesnt show up until the subsequent page. So that code. If cookies were disabled, that code would just try to set the cookie each time. It baffled me for the longest time and Ive done many tests. Only the next page can check if a cookie has been set succesfull - Raekye 2012-04-06 15:13
@Raeki Wrong. Just set a variable in your script. Just check for the cookie after setting it: if it exists you can assume the user's browser supports cookies; if not then it doesn't. You really don't need to redirect to other scripts; that's just extremely inefficient - Martin Bean 2012-04-08 17:59

0

I'm not sure if this is helpful, but maybe you can try to limit the amount of pages? What I usually do, is have the form ánd the validation on one php page. You check if a user send something at the start, if he did, check it and show any errors. If not, show the form.

2012-04-05 19:02
by Anorionil
Ads