0
$('.folder').on('contextmenu', function(ev){
    ev.preventDefault();
    var a = $(this).attr('data-id');
    var b = $(this).text();
    $('.marked').removeClass('marked');
    var c = $('#path').html();
    var d = '<span class="spant" data-id=' + a + '>' + b + '</span>';
    var e = c + d;
    $.ajax({
        url: 'params.php',
        type: 'post',
        data: {
            'path': e,
            'par': a
            },
        success: function() {
            location.reload();
        }
    });

});

params.php

session_start();
if(isset($_POST['path'])) {
    $_SESSION['path'] = $_POST['path'];
}
else{
    $_SESSION['path'] = '<span class="spant" data-id=0>HOME</span>';
}

if(isset($_POST['par'])) {
    $_SESSION['par'] = $_POST['par'];
}
else{
    $_SESSION['par'] = 0;
}

admin.php

<?php
include ("params.php");
echo $_SESSION['path'];
echo $_SESSION['par'];
?>

Result of echoing is old values, as $_POST variables are not set.
How can I get new values, set in javascript code ?

qadenza
  • 9,025
  • 18
  • 73
  • 126
  • Look out for a possible path traversal vulnerability in "$_SESSION['path'] = $_POST['path']". For a fix look at http://stackoverflow.com/questions/4205141/preventing-directory-traversal-in-php-but-allowing-paths/4205278#4205278 – Neil Yoga Crypto Aug 17 '16 at 00:51

2 Answers2

1

You made a mistake in the request, use: method: "post" instead of type: "post", so no wonder the post var's aren't set :)

$('.folder').on('contextmenu', function(ev){
    ev.preventDefault();
    var a = $(this).attr('data-id');
    var b = $(this).text();
    $('.marked').removeClass('marked');
    var c = $('#path').html();
    var d = '<span class="spant" data-id=' + a + '>' + b + '</span>';
    var e = c + d;
    $.ajax({
        url: 'params.php',
        method: 'POST',
        data: {
            'path': e,
            'par': a
            },
        success: function() {
            location.reload();
        }
    });

});

Hope this will fix it ;)

Cheers!

Evochrome
  • 1,205
  • 1
  • 7
  • 20
0

When you include params.php it's resetting the values back to the else conditions in your two if blocks.

Colin
  • 351
  • 6
  • 16
  • I tried to address ajax code to admin.php and move `if` code from `params.php` to `admin.php` - the same result. – qadenza Aug 16 '16 at 22:55
  • Have you logged $_POST to see what's in it? Maybe also call session_start() directly in admin.php (instead of including params.php) to make sure it's not that code? At the moment, if admin.php is every called without $_POST values, it's going to revert to your `else` values. – Colin Aug 16 '16 at 23:21