Readonly form field
I am trying to customize a custom form in wordpress using a plugin and following these instructions as a tutorial: http://code.tutsplus.com/tutorials/creating-a-custom-wordpress-registration-form-plugin--cms-20968 . I'm not trying to create a "register user" plugin, I'm just taking this as an example of creating custom forms in wordpress. For my question, I don't think using wordpress matters, so I post this question in the general section.
Now I want to solve some security issues.
I have an input field for this form that takes the value "name" from my database and displays it to users in a form field. This "name" is then sent back to the database. I don't want users to be able to modify this field. I used "readonly" in my form, but anyone can edit the page source and edit that "name", so it's not that secure.
What can I do to prevent visitors from editing this field?
I can use JavaScript if needed.
source to share
I hope this helps you to stop passing invalid edited values
While repeating your shape, make the hidden input like this .... with hash_mac
$secret="mysecretstring":
$string =strtolower($name_retrived_from_db);
$hmac = hash_hmac("sha1", $string, $secret);
echo '<input type="hidden" name="foo" value="'.$hmac.'">';
echo '<input type="text" name="given_name" value="'.$name_retrived_from_db.'" readonly>';
Then at the end of the receiver check the given name with $ hmac
$secret="mysecretstring":
$string =strtolower($_POST['given_name']);
$hmac = hash_hmac("sha1", $string, $secret);
$foo = $_POST['foo'];
if $ hamac and $ foo match. Then nobody edited your entry. Make your "mysecretstring" unpredictable.
if ($hmac == $foo ) {
// Your read only input has not been edited
} else {
//Input Edited
}
source to share