//Check against CSFR here
$key = md5(uniqid(rand(), TRUE));
//$key = "234"; //using this works but not the idea
$_SESSION['key'] = $key;
//form
<form method="post" action="<?php echo HTTPF; ?>/complete_reg">
<p>
<label>
<b>Email address:</b><br />
<input type="text" id="user_email" name="user_email" value="" class="register_email" onblur='$("#checkid").html("Please wait..."); $.get("er_checkuser.php",{ cmd: "check", check_key: $("#check_key").val(), user: $("#user_email").val() } ,function(data){ $("#checkid").html(data); });' />
</label>
<input type="hidden" id="check_key" name="check_key" value="<?php echo $key; ?>" />
<span style="color:red; font: bold 12px verdana; " id="checkid" ></span>
</p>
//calling page
//er_checkuser.php
foreach($_GET as $key => $value) {
$get[$key] = filter($value);
}
//For some reasons I don't know why the values are not the same but they should be
if ($get['check_key'] == $_SESSION['key'])
{
echo $_SESSION['key'];
echo "<br>";
echo $get['check_key'];
}
答案 0 :(得分:2)
啊我想我知道问题出在哪里:你在每个页面重新加载时创建一个新密钥。因此,您在提交表单时也会创建一个新密钥。
你应该做的是:
if(!isset($_GET['check_key']) {
$key = md5(uniqid(rand(), TRUE));
$_SESSION['key'] = $key;
}
答案 1 :(得分:1)
在使用$ _SESSION数组之前调用session_start()吗?
答案 2 :(得分:1)
你应该在php脚本的顶部调用session_start(),否则我将无法工作。
session_start()创建会话或恢复当前会话 通过GET或POST请求传递的会话标识符,或通过 cookie中。
也许您可以观看使用会话的video from nettuts to learn how to create login system。