CodeIgniter Forums

Full Version: How do I prevent my app from breaking down when users tamper with the URL?

El Forum

[eluser]Rupesh Pradhan[/eluser]
How do I prevent my app from breaking down when users tamper with the URL?

When a previous view with the form called the function 'show_name_list' in the controller result given below (with the post data $class_name), it works fine.

http://localhost/PHPDev/codeigniter/index.php/result/show_name_list

Now, as soon as I add a slash or anything after that and press enter, it gives me the errors given below.

For example, the trailing slash at the end of the URL given below

http://localhost/PHPDev/codeigniter/index.php/result/show_name_list/

---------------------------
A PHP Error was encountered

Severity: Notice

Message: Undefined variable: data

Filename: models/mrockvale.php

Line Number: 20
---------------------------

The post data $class_name is empty when received by the controller and thereafter the model, which shows the error.

I was thinking that if such tampering occurs, I could notify the user that the URL has been tampered with and provide a link back to the index page. Is this idea ok?

El Forum

[eluser]überfuzz[/eluser]
Welcome to the forum!

Save a session variable.
Code:
if($this->session->userdata('form_action'))
{
   //ok you're doing dandy
}
else
{
   $this->index();  //go back to the start!
}

El Forum

[eluser]Rupesh Pradhan[/eluser]
Code:
function index()
{
    // index function
}


function show_name_list()
{
    // load helpers
    $this->load->helper('url');        
    $this->load->model('MRockvale','',TRUE);    
    $this->load->helper('form');    
            
    // extract post variables        
    $class_name=$this->input->xss_clean($this->input->post('class_name'));
    $exam_name_code=$this->input->xss_clean($this->input->post('exam_name_code'));

    // is this where i check if my URL has been tampered?
    if($this->session->userdata('form_action'))
    {
       //ok you're doing dandy
    }
    else
    {
       $this->index();  //go back to the start!
    }

}

FYI - I have been taking a crack at CodeIgniter for the past 2 days only. I need all the help I can get!

El Forum

[eluser]überfuzz[/eluser]
Ok... I'm not 100% on what it is you're doing. But it seems you're setting up a form with several steps. My advice was to store a session variable. If it's not set, you direct the user back to the start. You might have to adjust it to make it work in your application. But the idea...

Code:
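function index()
{
   //set up the form_validation stuff
   //display the view, you could call it form_start.php
   //set session variable
   $this->session->set_userdata('form_action', TRUE);
}

function next_step()
{
   //if the first step was not completed, go back to the start
   if(!$this->session->userdata('form_action'))
   {
      $this->index();
      return;
   }

}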

Read about session, form_validation in the user_guide.
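
Added example (not part of any post in this thread): one way to combine the session flag and form_validation suggested above, so that a direct or altered request to show_name_list returns to the form and never reaches the model with empty data. It assumes CodeIgniter 1.7-style controllers with the session library configured; the view names and the model method get_name_list() are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes CodeIgniter 1.7;
// view names and get_name_list() are hypothetical.
class Result extends Controller
{
    function Result()
    {
        parent::Controller();
        $this->load->helper(array('url', 'form'));
        $this->load->library(array('session', 'form_validation'));
    }

    function index()
    {
        // Record that the user has passed through the form page.
        $this->session->set_userdata('form_action', TRUE);
        $this->load->view('form_start'); // hypothetical view name
    }

    function show_name_list()
    {
        // A URL typed or edited in the address bar arrives as a GET with no
        // POST body, so post('class_name') would be FALSE. Start over instead.
        if ($this->input->server('REQUEST_METHOD') !== 'POST'
            || ! $this->session->userdata('form_action'))
        {
            redirect('result');
            return;
        }

        // Validate the fields rather than assuming they arrived.
        $this->form_validation->set_rules('class_name', 'Class name', 'trim|required');
        $this->form_validation->set_rules('exam_name_code', 'Exam', 'trim|required');
        if ($this->form_validation->run() === FALSE)
        {
            $this->load->view('form_start'); // redisplay the form with errors
            return;
        }

        // Same extraction calls as in the post above, now known to be non-empty.
        $class_name = $this->input->xss_clean($this->input->post('class_name'));
        $exam_name_code = $this->input->xss_clean($this->input->post('exam_name_code'));

        $this->load->model('MRockvale', '', TRUE);
        // get_name_list() is a hypothetical model method.
        $data['names'] = $this->MRockvale->get_name_list($class_name, $exam_name_code);
        $this->load->view('name_list', $data); // hypothetical view name
    }
}
```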

El Forum

[eluser]Rupesh Pradhan[/eluser]
Ok.
Will try to use this as the starting point.
Thanks

El Forum

[eluser]überfuzz[/eluser]
CI is not flawless, but it's good. If you use it in a sound way you'll quickly start loving it.

Feel free to ask questions as you go along setting up your site.