I don't understand why you're giving a registering user the choice of which level to enter - surely this is a security flaw?
If this is a publicly viewable form, it could be easily spoofed in order to send data with 'admin' enabled/selected.
I was going to post the code, but then, I saw your reply. Try it yourself first - don't be lazy! :)
diafol
Rhod Gilbert Fan (ardav)
7,800 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
If you tried, show us what you got. This is a help forum, not a free lunch forum.
If the form is only for an admin to fill out, I don't see why you need the admin radio option in the first place, as he/she will have registered as an admin SOMEHOW already.
diafol
how about:
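<?php
// $admin_exists is assumed to be set earlier: true once an admin account exists
if(!$admin_exists){
    // only offer the admin option while no admin account exists
    echo '<input name="level" id="adminlevel" type="radio" value="2" /> <label for="adminlevel">admin</label>';
}
?>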
<input name="level" id="manlevel" type="radio" value="1" /> <label for="manlevel">manager</label>
<input name="level" id="employeelevel" type="radio" value="0" /> <label for="employeelevel">employee</label>
That should work for a secured form (if only an admin can get at it). HOWEVER, using plaintext or integer values is dangerous if not, as anybody can spoof a form and send it as an admin (even if they're not).
One way to prevent this is to hash the values with something like this:
$adminhash = md5('thisisadmin97531');
// so then ($admin_exists is assumed to be set earlier, as above)
if(!$admin_exists){
    echo '<input name="level" id="adminlevel" type="radio" value="' . $adminhash . '" /> <label for="adminlevel">admin</label>';
}
You then need to check on form handling for $_POST['level'] - use a switch or if/elseif/else... to check for accepted values, which are:
eb9ef3335cf3726752e8008b5bbe9b74 (admin)
1 (manager)
0 (employee)
But this is pretty hypothetical as we don't know HOW this is being used. As I said, individuals should never be allowed to enter their level of access/rights/permissions.
diafol
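Added example, not part of any post in this thread: one way to do the form-handling check on $_POST['level'] described above, so that the submitted value is only honoured when the logged-in submitter is already an admin. The function name resolve_level, the LEVEL_* constants and the idea that the submitter's level comes from the server-side session are assumptions; the values 0, 1 and 2 are the ones used in the form above.

```php
<?php
// Added example (not the thread's code). All names here are hypothetical.
const LEVEL_EMPLOYEE = 0;
const LEVEL_MANAGER  = 1;
const LEVEL_ADMIN    = 2;

/**
 * Decide which level a new account gets.
 *
 * $posted     raw $_POST['level'] value (fully controlled by the client)
 * $actorLevel level of the logged-in user submitting the form, read from
 *             the server-side session; null for an anonymous visitor
 */
function resolve_level($posted, ?int $actorLevel): int
{
    // Anonymous or non-admin submitters never get to choose a level.
    if ($actorLevel !== LEVEL_ADMIN) {
        return LEVEL_EMPLOYEE;
    }
    // Strict allowlist: only the exact strings "0", "1" and "2" are accepted.
    $allowed = ['0' => LEVEL_EMPLOYEE, '1' => LEVEL_MANAGER, '2' => LEVEL_ADMIN];
    if (!is_string($posted) || !array_key_exists($posted, $allowed)) {
        throw new InvalidArgumentException('Unexpected level value');
    }
    return $allowed[$posted];
}

// Constructed sample submissions: [posted value, submitter's session level].
$samples = [
    ['2', null],           // public form spoofed to claim admin
    ['2', LEVEL_MANAGER],  // manager trying to create an admin
    ['1', LEVEL_ADMIN],    // admin creating a manager
    ['01', LEVEL_ADMIN],   // near-miss string, not on the allowlist
    [['2'], LEVEL_ADMIN],  // level[]=2 sent as an array
];
foreach ($samples as [$posted, $actor]) {
    try {
        $result = resolve_level($posted, $actor);
    } catch (InvalidArgumentException $e) {
        $result = 'rejected';
    }
    echo json_encode($posted), ' from ', json_encode($actor), ' => ', $result, PHP_EOL;
}
```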
I agree this is going to cause serious problems allowing users to be any level they wish!!!! The site will not last more than a week online with that security!!!
mikulucky
Junior Poster in Training
85 posts since Jan 2012
Reputation Points: 41
Solved Threads: 13
Before you ask any more questions about the code, answer my question - how is this going to be used and by whom? This will enable us to answer you correctly. At the moment I can only guess at what you wish to achieve.
diafol