Script to change a SESSION variable

0

What I want is to change a SESSION variable when I run a script.

In the example I give you, the SESSION variable does not change. It is always closed and should change to open enrollment.

'periodinscription.php'

<?php

session_start();

$inscripcioncerrada = "inscripcion.php"; // ENROLLMENT CLOSED
$inscripcionabierta = "registrar.php"; // ENROLLMENT OPEN

$_SESSION['estadoInscripcion'] = $inscripcioncerrada; // ENROLLMENT PERIOD

if (isset($_REQUEST["estado"])) {
    $_SESSION['estadoInscripcion'] = $_REQUEST['estado'];
}

?>

and in 'periodosinscripcion_abrir_registro.php'

<script language="javascript">

    var nuevoEstado = '$inscripcionabierta'; 
    xhr = new XMLHttpRequest(); 

    xhr.open('POST', 'periodoinscripcion.php'); 
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); 
    xhr.send(encodeURI('estado=' + nuevoEstado));

</script>
    
asked by Paolo Frigenti 25.05.2018 at 11:57

1 answer

0

The problem

If your current code works, what you will be receiving will be a string equal to $inscripcionabierta. It is impossible, among other things for security reasons, to innocently assert on the server a variable passed from the client. Imagine, we could send things like these to the server and they would be executed:

var nuevoEstado='
                   function hack(){
                      echo "te estoy hackeando";
                      require("credenciales.php");
                      /* I am going to extract the password */
                      echo $credenciales;
                    }

                    hack();
                  ';

The solution

Why don't you pass the variable like this from the client?

var nuevoEstado = 'registrar.php';

In this way, only this code would suffice to change the session variable:

if (isset($_REQUEST["estado"])) {
    $_SESSION['estadoInscripcion'] = $_REQUEST['estado']; 
}
    
answered by 25.05.2018 at 12:52
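
An added example, not part of the question or the answer above: one way to let the client request a state change without storing whatever string it sends, by mapping a short token to a server-side allowlist. The tokens `abierta`/`cerrada`, the constant `ESTADOS_PERMITIDOS` and the function `resolverEstado()` are assumptions introduced here; the two page names come from the question.

```php
<?php
// Added example (not the asker's or answerer's code).
// Assumption: the client posts estado=abierta or estado=cerrada
// instead of a file name. Who is allowed to change the state
// (for example an administrator check) is outside this example.

session_start();

// Server-side allowlist: client token => page stored in the session.
const ESTADOS_PERMITIDOS = [
    'cerrada' => 'inscripcion.php', // enrollment closed
    'abierta' => 'registrar.php',   // enrollment open
];

/**
 * Return the page for a client-supplied token,
 * or null when the token is not in the allowlist.
 */
function resolverEstado($token): ?string
{
    // estado[]=x arrives as an array, so reject non-strings first.
    if (!is_string($token)) {
        return null;
    }
    return ESTADOS_PERMITIDOS[$token] ?? null;
}

// Set the default only when the session has no state yet. Assigning it
// unconditionally would reset the state to "closed" on every request
// that does not carry estado.
if (!isset($_SESSION['estadoInscripcion'])) {
    $_SESSION['estadoInscripcion'] = ESTADOS_PERMITIDOS['cerrada'];
}

// Accept state changes only from POST bodies, never from the query string.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['estado'])) {
    $pagina = resolverEstado($_POST['estado']);
    if ($pagina === null) {
        http_response_code(400); // unknown token: leave the session untouched
        exit('Invalid estado');
    }
    $_SESSION['estadoInscripcion'] = $pagina;
}
```

With this in place the session can only ever hold one of the two page names, whatever the request contains.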