Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Passing PHP session variables to a Jquery/Ajax script.

jquery ajax php session help .js js javascript

This topic has been archived. This means that you cannot reply to this topic.
3 replies to this topic

#1 elliottveares

elliottveares

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 56 posts

Posted 15 October 2013 - 02:03 PM

Hi all; while I have used basic JavaScript and PHP before; I am totally new to Jquery and Ajax.

 

Scenario: I have a html form on my site what has traditionally been directly processed with a PHP that incorporates sessions to limit how often the form can be submitted.

 

I have since updated the form to be posted through a Jquery/Ajax script so that the form can be posted without a refresh for the user; and it works . (I used and adapted this tutorial to suite my needs: http://net.tutsplus....h-using-jquery/)

 

However what I am trying to do is to get the session variables output from my PHP script and use them in my Jquey/Ajax script so that I can use them with a IF/ELSE statement to determine if the form will be processed or whether the user will be redirected in the same way the PHP script works. So far i have tried what this article suggested (http://stackoverflow...ing-jquery-ajax); but I just get a blank output from the html page what references my JQuery script and the main Jquery file on my server.

 

I also would like if possible to have a way of limiting how often the form can be submitted without using sessions, so that if  a users cookies are deleted; the form still wont be able to be re submitted by that user until the time is up. It also must not be IP specific in the sense that multiple users/clients on 1 IP address must all be treated individually (i.e. in business environment where 1 IP is shared across multiple devices.)  

 

 

My PHP Script

<?php

if(empty($_POST['Message'])) 
{ header("Location: form.html");
exit();
}

session_start();

if (isset($_SESSION['last_submit']) && time()-$_SESSION['last_submit'] < 60) //How offten the form can be submited in seconds.
   { header("Location: formwait.html");
exit();
}
else //Process the form if form has not been submitted for 60 seconds
 $_SESSION['last_submit'] = time();
 
//MAIN FORM PROCESSING BELOW HERE.........

 ?>

My JQuery/Ajax script in ".js" file

$(function() {  
  $(".button").click(function() {  
    
	var Name = $("input#Name").val();  
	var Message = $("input#Message").val();  
	
	var dataString = 'Name='+ Name + '&Message=' + Message;  
//alert (dataString);return false;  
$.ajax({  
  type: "POST",  
  url: "form.php",  
  data: dataString,  
 success: function() { location.replace("formwait.html") }   //Want this line to be renderd if session time has not yet expired.
	
});  
return false;  	
  });  
});    

Finally; thanks for reading.

 

Elliott Veares



#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts

Posted 17 October 2013 - 01:29 PM

Session objects should ONLY exist on the server side. Ajax queries will pass the session variable in the same way that a form submission will, so your php script knows which session you have.

 

What you can do is pass back some timer information to the jQuery from your PHP, but NOT the session. If the user deletes their cookies, I would just toss them out of the current site and back to some other page that requires a login, etc.

 

My guess is you're trying to do some anonymous voting thing, which will always be gameable by opening multiple browsers, etc.


Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 elliottveares

elliottveares

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 56 posts

Posted 17 October 2013 - 04:46 PM

My site has no login features; just a form where anyone can post. Two fields, one submit button.

 

Also I have heard I can pass the session value (not session its self, but its value) to Jquery/AJAX  with the json function; is this true and if so why was a getting a blank html page? (related to second link)

 

I also imagine what I was doing with PHP to set sessions I can also do with JQuery; if so how?

 

Reagrds: Elliott



#4 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts

Posted 18 October 2013 - 08:27 AM

A session is an object that lives on the server. It generally has an ID which you can pass to the browser as part of the HTML. I do NOT recommend doing that, however.

First of all, it's just a really bad idea. Depending on the validity of a form submission is always a bad idea, and including the session variable is particularly bad.

Secondly, the cookie is going to be submitted with every request, including AJAX requests, anyway.

 

Third, for people who want to game your system, you're advertising that you are using sessions, and someone with talent for abusing systems will have more information on how to abuse yours.

Your ability to limit abuse of a web system is always going to be limited. If you refuse to use standard authentication methods (registration/login processes), then you have to accept that one consequence of that is that people will be able to abuse your system.

Also, none of what you're suggesting doing will stop abuse. If someone clears their cookies, they can request a fresh copy of your page with a form filling plugin, get a new session, and submit again. Sending the cookie to the browser does NOTHING to stop that process.


Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/





Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download