I have a fillin form , which has a submit button. In order to get to the fillin form, the user has already been authenticated and a session has been created, and variables have been added to the session.

In order to process the information, I have another 'insUpSel.php' file which does two things:

  1. populates a MSSQL database via a stored procedure with the contents of the session
  2. retrieves the results from the MS SQL table and populates an HTML table with multiuple result rows.

I want to prevent users from running the 'insUpSel.php' form manually and if they do force users back to the login page.

Is there a way, where I can update a variable before the processing the fillin form data?

ie. $submitted = true   (on fillin form)
then on the insupsel.php 
i check if $submitted = true
- IF TRUE, I set it back to false and continue processing the data
- IF FALSE, i force the user back to the login page

Many thanks

Recommended Answers

You mention that in order to get to the form, the user has already been authenticated and variables have been added to the session. If that's the case, can't the beginning of insUpSel.php simply check whether the proper session variables exist, and if not, do an HTTP header redirect to …

Jump to Post

All 2 Replies

You mention that in order to get to the form, the user has already been authenticated and variables have been added to the session. If that's the case, can't the beginning of insUpSel.php simply check whether the proper session variables exist, and if not, do an HTTP header redirect to the login page?

On insupsel.php, you can do any of the following:

// 'submitted' field with specific value was passed into form
if (isset($_POST['submitted']) AND $_POST['submitted'] == 'value') { ... }

// 'user_id' cookie with specific value is set
if (isset($_COOKIE['user_id']) AND $_COOKIE['submitted'] == 'value') { ... }

// 'session_var' session variable with specific value exists
if (isset($_SESSION['session_var']) AND $_SESSION['submitted'] == 'value') { ... }

I was doing that.. but If a user refreshes that page it inserts a new record whenever they press refresh.

But that got me to remeber to add a variable to set once I get to the page.

So, it loads, sets a variable of '$inserted' to true, and when you try again if that variable is set, it returns to login.

Again, some of my questions may seem silly, but I am learning.

Love this community.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.