It is not about login form or something similar. The application already running secured session. It is about internal task for updating particular data. As part of application, I create one main file which include another php file using the php include method. The included file represents a framework for including of a form selected from many possible forms. Selection is performed using anchor tag in side menu, which is dynamically created using js and php from MySQL database.
//path for mainfile.php: /ThemeDir/SecuredDir/workDir/mainfile.php
mainfile.php
….
<nav class=”side-menu”>
<ul>
<li class=”sub-menu”> <a id=”dir-path” href=”#”></a>
<ul>
<li class=”anchor”>
<a href=”#form-name”>
<span id=”form-label”>form-label</span></a>
</li></ul></li></ul></nav>
....
<div id="uso"><?php include("../formsDir/mainframe.php"); ?></div>
<div id="hddForm" style="display: none">
<form id='obrForm' action="" metod = "post" role="form" name="obrForm">
<input type="text" id="incPath" name="incPath" value="" />
</form>
</div>
….
Mainfile.js
$(document).ready(function() {
….
$(". anchor > a").click(function(e){
e.preventDefault();
var fname = $(this).attr('href').replace(/^#+/, '');
var dir = $(". sub-menu a").attr("id");
var incPath = dir + "/" + fname + ".php"; //path to form-name.php
document.getElementById("incPath").value = incPath; // parse data
submitIfFormComplete()
function submitIfFormComplete(){ // submiting a form ‘obrForm’
var tag = document.forms[0].getAttribute("id");
if (document.getElementById('incPath').value !== ""){
document.getElementById(tag).submit();
alert('submited');
}else{alert('shit submited');}
}
});
….
});
//path for mainframe.php: /ThemeDir/SecuredDir/formsDir/mainFrame.php
mainframe.php
<meta charset="utf-8">
….
<div id="inc-div">
<?php
If (isset($_GET["incPath"])){
$incPath = filter_var($_REQUEST["incPath"], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
include $incPath; //same result w or w/o echo
//path: /ThemeDir/SecuredDir/formsDir/sub-formsDir/form-name.php
}else{
echo "SHIT POST";
}
?>
</div>
….
So far so good. Until now it works as it's supposed to work. The problem appears when form is invoked, first looks as it should, but for a split of second disappears, so that the mainfile.php with included mainframe.php returns to its starting condition. It is obvious that the last procedure involves refreshing the file, and because most are mainly dynamically created procedures, everything are returned to the initial state. I checked all the procedures relating to this part of the application and nothing affects this problem. In all steps i have a procedure to intercept errors, but no errors registered. I could not find similar or identical problem around the forums on the web. I hope that this behavior has a solution so any advice will help me a lot.