using post input variables


#1

Hello Phphelp forum,

I am new here and new to PHP. I am struggling to secure a form. I am new to sessions. I am hoping to fight spam and unwanted posts. I decided to try giving my submit button a random name like a token: bin2hex(random_bytes(32)). I also store this value in a session variable. I try comparing the two values but nothing works. If I print_r post array and echo the session variable they both match. Yet all of my comparison or isset attempts fail.

I’ve tried $testoutput = $_SESSION['buttonname']; if (isset($_POST[$testoutput])) { …bla bla
Is it possible to compare and check input fields with a variable name?

The purpose of this test leads to random input bait for bots. If the input is hidden via CSS and randomly named, then bots will have to measure all of the possibilities to know if the input is bait. All hidden inputs can be ignored.

At least tell me if it is possible to handle a variable 🙂

Thank You so very much. I am tired of fighting this one.


#2

Looks like you are talking about two different things. 1 being a CSRF token and the other being a honeypot.


#3

Hello and Thank you for your time.

I have a token in the form and it works. I still don’t know if a cookie token is also needed here but the form token and the session token are working. I use a hash_hmac with random_bytes and a second random_bytes secret key. I just learned how to do this yesterday.

Update: I just realized that $_POST is an array, so the value of the array matches. I was trying to match the name of the array and not the value.

input name= $variable value=submit
I can only match if $_POST[$variable] == "Submit"

I was trying to match $_SESSION['variable'] value to name of input field (input name=$variable)

I suppose that I could use an input field which requires no value and test isset.

Thanks again. I appreciate your time. 🙂
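
The distinction the thread arrives at (a session value used as a field name versus a token compared as a field value), shown together with the honeypot idea, as an added example that is not part of any post. The functions issue_form, render_form and check_submission and the session keys are hypothetical, and plain arrays stand in for $_SESSION and $_POST so the script runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread; function and key names are hypothetical.

function issue_form(array &$session): array
{
    $session['submit_name'] = bin2hex(random_bytes(32)); // random NAME of the submit button
    $session['bait_name']   = bin2hex(random_bytes(32)); // random NAME of the honeypot input
    $session['csrf_token']  = bin2hex(random_bytes(32)); // random VALUE of a hidden input
    return $session;
}

function render_form(array $f): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<form method="post">'
        . '<input type="hidden" name="csrf_token" value="' . $e($f['csrf_token']) . '">'
        . '<input type="text" name="' . $e($f['bait_name']) . '" style="display:none" tabindex="-1">'
        . '<input type="submit" name="' . $e($f['submit_name']) . '" value="Submit">'
        . "</form>\n";
}

function check_submission(array $session, array $post): string
{
    $submit = $session['submit_name'] ?? null;
    $bait   = $session['bait_name'] ?? null;
    $token  = $session['csrf_token'] ?? null;
    if (!is_string($submit) || !is_string($bait) || !is_string($token)) {
        return 'no form issued';
    }
    // The session holds the field NAME, so it is used as the array key.
    if (!isset($post[$submit])) {
        return 'submit button missing';
    }
    // The token is a VALUE: compare it in constant time.
    $sent = $post['csrf_token'] ?? null;
    if (!is_string($sent) || !hash_equals($token, $sent)) {
        return 'bad token';
    }
    // Honeypot: hidden from people, so any content marks the post as automated.
    return (($post[$bait] ?? '') !== '') ? 'honeypot filled' : 'ok';
}

// Constructed demo input; a real page uses $_SESSION (after session_start()) and $_POST.
$session = [];
$f = issue_form($session);
$human = [$f['submit_name'] => 'Submit', 'csrf_token' => $f['csrf_token'], $f['bait_name'] => ''];
$bot = [$f['bait_name'] => 'http://spam.example'] + $human;
echo render_form($f), check_submission($session, $human), "\n", check_submission($session, $bot), "\n";
```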