I wrote a helpdesk system using PHP/MySQL, and am running into a weird issue.
On my web server (IIS), I have the session set to time out after 20 minutes.
At the top of every php page, I have a line of code that checks to see if the $_SESSION['UNAME'] still exists, and if it doesn't, it takes the person back to the login page.
Code:
session_start();
if(!$_SESSION['UNAME']){header("location: ./index.php?MSGID=NoSession");}
Each page submits form data back to a mastercontroller.php, which also has that same line of code in it at the top. This prevents a user who is just sitting on a page in the helpdesk application from submitting data after their session has expired.
This works on EVERY page except my "createticket.php" page, which is where users create a trouble ticket. For some reason, if a user is sitting on this page until their session times out, then they submit a new ticket, it will go ahead and process the ticket, then redirect back to the index.php page with the NoSession flag set. This is bad, because the mastercontroller.php uses the current user's session data to write out certain ticket information, which appears as blank information in the database entry.
The absolute only difference between the createticket.php page and every other page is that I am running an onsubmit="return VerifyData()", which processes before the form data is submitted to mastercontroller.php.
Is this the issue? Should I let mastercontroller.php do the form verification instead of a javascript function on the createticket.php page?
Here's some additional code if needed:
Code:
CreateTicket.php
<?php
session_start();
if(!$_SESSION['UNAME']){header("location: ./index.php?MSGID=NoSession");}
?>
<form name="NewTKT" id="NewTKT" method="post" action="./MasterController.php" onsubmit="return VerifyData();">
<input type="submit" name="submit" value="Create Ticket" class="NewTKTSubmit" onclick="document.forms['NewTKT'].FORMACTION.value='NEWTICKET'" />
<input type="hidden" name="FORMACTION" value="" />
</form>
<script>
function VerifyData() {
    var t_LongD = document.forms['NewTKT'].Long.value;
    var t_ShortD = document.forms['NewTKT'].Short.value;
    if (t_LongD == "" || t_ShortD == "") {
        alert("You must enter a Short Description and a Long Description. Thanks!");
        return false;
    } else {
        return true;
    }
}
</script>
Code:
MasterController.php
<?php
session_start();
if(!$_SESSION['UNAME']){header("location: ./index.php?MSGID=NoSession");}
if( $_REQUEST['FORMACTION'] == "NEWTICKET" ) {
    // DO_STUFF_HERE
}
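
Added example, not part of the original post: a session guard for MasterController.php that stops the script after the redirect (header() sends the Location header but does not end execution) and repeats the VerifyData() rule on the server. The helper names require_login() and validate_ticket() are hypothetical; the field names Short and Long are taken from the posted JavaScript.

```php
<?php
// Added example. require_login() and validate_ticket() are hypothetical names.

function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // empty() also covers a missing key, so an expired session raises no notice.
    if (empty($_SESSION['UNAME'])) {
        header('Location: ./index.php?MSGID=NoSession');
        // header() only queues the redirect; without exit the rest of the
        // script, including any database write, still runs.
        exit;
    }
    return $_SESSION['UNAME'];
}

// Server-side copy of the VerifyData() rule. The JavaScript check is a
// convenience only, because a client can post without running it.
function validate_ticket(array $post): array
{
    $required = ['Short' => 'Short Description', 'Long' => 'Long Description'];
    $errors = [];
    foreach ($required as $field => $label) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$label is required.";
        }
    }
    return $errors;
}

$uname = require_login(); // nothing below runs without a live session

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
if ($isPost && ($_POST['FORMACTION'] ?? '') === 'NEWTICKET') {
    $errors = validate_ticket($_POST);
    if ($errors) {
        http_response_code(400);
        exit(htmlspecialchars(implode(' ', $errors), ENT_QUOTES, 'UTF-8'));
    }
    // The ticket is written here, using $uname from the verified session.
}
```

This version reads $_POST rather than $_REQUEST, so the action cannot be triggered from a query string or cookie.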