0

I'm trying to build a system that will give a user a random question, then send the user's answer and the correct answer to the next page via POST, without ever showing the user what the correct answer is. When FileB.php loads, var_dump($_POST); reads

array(1) {
  ["response"]=>
  string(32) "Whatever the user's response was"
}

Why doesn't what I have below work? Why isn't the ans post request going through?

FileA.php

<?PHP
function post($data) // from http://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php
{
    $options = array(
        'http' => array(
              'header'  => "Content-type: application/x-www-form-urlencoded\r\n"
            , 'method'  => 'POST'
            , 'content' => http_build_query($data)
        ),
    );
    $context  = stream_context_create($options);
}

post(array("ans" => "Correct Answer"));
?>
<HTML>
<HEAD>
<TITLE>Form</TITLE>
</HEAD>
<BODY>
<FORM METHOD="post" ACTION="FileB.php">
    <LABEL>What is the correct answer? <INPUT TYPE="text" NAME="response"/></LABEL>
</FORM>

FileB.php

<HTML>
<HEAD>
<TITLE>Results</TITLE>
</HEAD>
<BODY>
<?PHP
if ($_POST["ans"] == $_POST["response"])
{
    echo "You are correct!";
}
else
{
    echo "You're wrong!";
}
?>
</BODY>
</HTML>
Ky -
  • 30,724
  • 51
  • 192
  • 308
  • hmmm - I think you're doing 2 seperate post events here, and they both won't go through at the same time, so FileB gets the answer, then later it gets the response, but it forgot what the answer was from before (obviously). Why not try hidden field in the form then they will both get submitted in the form data but won't be shown visually to the user (of course, if they know anything about web dev, they will be able to find it in the source) – Strat Jun 26 '13 at 17:18
  • @bwoebi it sounds like you know what you're talking about. Why not give a useful answer? I'll try it out and see if I can make it work in my project. – Ky - Jun 26 '13 at 17:21
  • @Strat it sounds like you know what you're talking about. Why not give a useful answer? I'll try it out and see if I can make it work in my project. – Ky - Jun 26 '13 at 17:22
  • you said **I'm trying to build a system that will give a user a `random question`**, so from where you are getting this question and answers? better way is if question has an `ID` then set it in a `hidden` field, then do something with that `ID` when checking for right answer – bystwn22 Jun 26 '13 at 18:12
  • @bystwn22 they will be randomly chosen from a list in `FileA.php`. Your idea is really, good, though! – Ky - Jun 27 '13 at 02:02

4 Answers4

1

After you got Strat's suggestion working, an improvement might be to store the correct answer in a session variable instead of revealing it in the HTML source. You don't need a hidden field then. Example:

FileA.php

session_start();
$_SESSION['answer'] = "....";

FileB.php

session_start();
if ($_POST['response'] == $_SESSION['answer'])
{
    echo "You're right.";
}
...
Bernim
  • 68
  • 6
  • Except that it will not work for all cases. Let say I open Question1, then open Question2. Then I decide to answer Question1 before I answer Question2. – invisal Jun 26 '13 at 17:48
  • Good point! I was thinking about a single question only, e.g. some kind of captcha for a registration form. – Bernim Jun 26 '13 at 19:59
  • @invisal Good point, but I won't have to worry about this. It'll be a human-verification page, so all questions will be open at the same time and submitted at the same time – Ky - Jun 27 '13 at 02:09
0

Why don't you have a submit button or something like "JavaScript+Ajax" to capture user input ? If this isn't your issue, please specify what exactly doesn't work with your script ? Do you get "You're wrong" even when the response is correct or you don't get any output at all ? It could also be because you call post() before taking input.

Mayank Kumar
  • 59
  • 1
  • 7
  • I do have a submit button, but I forgot to include it here. However, pressing enter on the input will do it anyway. I specified very well by dumping the `$_POST` variable that the earlier `ans` post request isn't being sent at the same time as the page. How do I send the post at the same time as the page? – Ky - Jun 27 '13 at 02:06
0

Try something like this:

FileA.php

<HTML>
  <HEAD>
    <TITLE>Form</TITLE>
  </HEAD>
  <BODY>
    <FORM METHOD="post" ACTION="FileB.php">
      <LABEL>What is the correct answer? <INPUT TYPE="text" NAME="response"/></LABEL>
      <INPUT TYPE="hidden" NAME="answer" VALUE="Correct Answer" />
    </FORM>
  </BODY>
 </HTML>

FileB.php

<HTML>
  <HEAD>
    <TITLE>Results</TITLE>
  </HEAD>
  <BODY>
    <?PHP
      if ($_POST["answer"] == $_POST["response"]){
        echo "You are correct!";
      }else{
        echo "You're wrong!";
      }
    ?>
  </BODY>
</HTML>

Obviously change the VALUE of the answer input to whatever your answer should be. Not the best solution if you need to hide the answer 100%, but probably the easiest to get it working.

Strat
  • 171
  • 5
  • This is for pony validation, and your answer is ridiculously easy for bots to figure out. I do use this on other fields, though. – Ky - Jun 27 '13 at 02:03
0

From what I understand from your question is that you would have like to pass two variables: random question and its answer to FileA.php, but you also want your answer to be hidden. Then, you use POST to send the answer to FileB.php.

You can do as what @Strat has suggested, by having a hidden field. For example:

<?php
    $random_question = '.....';
    $random_answer = '.....';
?>

<?php echo $random_question; ?>
<form action='fileB.php' methid='POST'>
     <input type='text' name='response' />
     <input type='hidden' name='ans' value='<?php echo $random_answer; ?>' />
</form>

The downside is that hidden field only prevent broswer from displaying the answer, but they can easily inspect the element and get the correct answer. You can prevent it by

<input type='hidden' name='ans' value='<?php echo md5($random_answer); ?>' />

and

if ($_POST["ans"] == md5($_POST["response"]))

The solution that I suggest is not the best. There is probably a better way to do it if you provide more context such as whether there is database behind the script that random the question.

invisal
  • 11,075
  • 4
  • 33
  • 54