i know that some of you dislike my methods but i’m happy with my homebrew framework and it works. so my framework and style aside (you can still insult me but also please help if possible) i am always struggling to fully understand arrays. I have a system of using session variables with post data to assign csrf tokens, random names and random values to my input fields. Everything works well except i am repeating code. I hate this and i would like to create one section of code to handle all of the unknown variables. I have my code working but it is only passing the value and not the name. I think that i am not able to see how this should work for some reason.
i hope that this makes sens. still, here is some code to clariify the matter.
my ‘router’ is just a section of code that checks if a session variable and the associated post variable exists or isset. if so, then set variables and pass to functions to check data, which is post name.value and token. If all is good, then show page, else relocate to index. All of my pages go through the index now via forms and not hyperlinks. my current code is like the following (which is obviously redundant):
if (isset($_POST[$_SESSION['router']['dashboard-buttonid']])) {
$buttontext = $_SESSION['router']['dashboard-buttontext'];
$buttonid = $_SESSION['router']['dashboard-buttonid'];
$csrfsecret = $_SESSION['router']['dashboard-csrfsecret'];
$csrfname = $_SESSION['router']['dashboard-csrfname'];
$showpage = 'dashboard';
}
//repeat two more times for two other options besides dashboard page
//above code ends up here. so we are dealing with unknown session/post names (keys)
$buttoncheck = checkbutton($buttontext, $buttonid);
$tokencheck = checktoken($csrfsecret, $_POST[$csrfname]);
$_SESSION['getpage'] = $showpage;
header('Location: /');
exit;
i’m trying to set $_POST[$csrfname])
using the following code:
$testkey = ['dashboard-buttonid'];
foreach($testkey as $postkey) {
if (array_key_exists($postkey, $_SESSION['router'])) {
list($id) = explode('-', $postkey);
$buttontext = ?;
//what allows me to pass $_SESSION['router']['dashboard-buttontext'] and not its value?
//so that i can still use $_POST[$csrfname] but as $_POST[$postkey]
//as it stands, $_POST[$postkey] holds the random value
//i want to pass the session variable along with the post and not its value
//$_POST[$_SESSION['router']['dashboard-csrfname']]
$buttonid = ;
$csrfsecret = ;
$csrfname = ;
$showpage = $id;
}
}
thus, to repeat myself:
$buttontext = ?;
what allows me to pass $_SESSION[‘router’][‘dashboard-buttontext’] and not its value?
so that i can still use $_POST[$csrfname] but as $_POST[$postkey]
as it stands, $_POST[$postkey] holds the random value
i want to pass the session variable along with the post and not its value
$_POST[$_SESSION[‘router’][‘dashboard-csrfname’]]
?
if i echo $postkey in the loop, then i get dashboard-csrfname, which is what i want.
i want to extract the name dahboard then use $postkey to reconstruct the unknown post:
$_POST[$_SESSION[‘router’][‘dashboard-csrfname’]] to pass this to a function.
my code currently passes the value of $_SESSION[‘router’][‘dashboard-csrfname’].
thus, my page is not loading (hence, header(‘Location: /’) enacted.)
any ideas how to pass the session variable and not its value?