Works only with array integer values of 1 to 9.

We will call this behavior soft reset...

The tracking variable in the example is 'link', so I will use it. If the path is 1, 2, 3 4 and the href is example.php?link=5, then the tracking variable exists and is wrong if the user path is 1, 2, 3, 5, 4. When the user follows the link=5 path, they are reset.

Path 1 = example.php?link=1
Path 2 = example.php?link=2
Path 3 = example.php?link=3
Path 4 = example.php?link=4
Path 5 = example.php

Not that link is not supplied in Path 5.

Secret path is Path 1, 2, 3, 4

User follows Path 1, 2, 3, 5, 4

With strong reset enabled, the user fails when they follow Path 5

With soft reset, the users path is still valid since Path 5 does not contain the tracking variable. When they complete the sequence on Path 4, they are validated.

You reset authHits in the script like this...

$secpth->authHits = 0;

Dave

Sorry but I am still a little confused.

You showed the following:

The tracking variable in the example is 'link'.

Path 1 = example.php?link=1
Path 2 = example.php?link=2
Path 3 = example.php?link=3
Path 4 = example.php?link=4
Path 5 = example.php

Path 5 does not have the tracking variable.
However, when you click on Path 5, is it not the same as refreshing the page example.php.

If the path then is 1,2,3,4 and I send 1,2,3,5,4 then at path 5 it refreshes the page so that the sequence is lost and I need to start over.
If I enter path 5 and then path 4, path 4 is considered wrong since I assume it is now considered at the first path which should now be path 1 after sending path 5

Am I not understanding correctly

Sorry I forgot something

You reset authHits in the script like this...

$secpth->authHits = 0;

It works but after reset to 0, it still counts from 8 not 0 if I keep sending Path.

After $attempts reaches 8, it does reset to 0
However, with more attemps, it starts counting from 8 not 0
Instead of showing 1 it shows 9

If the Path sequence is validated and then you are sent to secret.php, is it possible to completely wipe out the session
This is needed incase the browser is not closed.

I just tested strong reset and soft reset and it works as I mentioned.

Your path 5 could be example.php?test=5, the point is that 'link' is not being passed.

Make sure you are doing a soft reset...

if( $secpth->validatePath(false) === true ){


Now if the user follows path 1, 2, 3, 5, 5, 5, 4 they will still be validated at 4 because 5 does not contain the tracking variable. If you are doing a soft reset, the users sequence is NOT reset if the tracking variable is NOT present. If you are doing a hard reset, the user sequence IS reset even if the tracking variable is NOT present.

I really don't know how to explain it any clearer than that.

Make sure you reset authHits before you are saving the object to the session. It has to be done before...

//save class object to session
$_SESSION['secpth'] = serialize($secpth);

any changes made after that statement are not saved.

Dave

I understand the soft reset now.
If link is replaced by test then the tracking variable is wrong
I forgot to add soft reset:
if( $secpth->validatePath(false) === true ){

Now is working as you stated.

With respect to authHits, it does reset as you stated.
However, this only resets when path sequence is validated.

I was hoping to reset to 0 after 8 had been reached so that it resets to 0 and not 9 even if it is not saved

I see that the sequence is stored in $path = array(1,2,3,4)

I would like to be able to get access to the array so I can count the number of links and also display all the links
Am having a little problem with this
Could you please advise how to do this.

After a sequence is validated and you are sent to secret.php is there a chance to destroy the seesion in case browser is not closed

Thanks

Refer to this code block...

$attempts = $secpth->authHits;
if( $attempts == 8 ){
$secpth->authHits = 0;
}

The counter authHits increments when the validation is run. On the 8th attempt...

$secpth->authHits will reset to zero
$attempts will remain at 8

On the next click...

$secpth->authHits will equal 1
$attempts will equal 1

Each click after will continue to increment until 8 is reached and we start the cycle over again. I think this is the behavior you are looking for.

There is a method to get the secret path...

$secretPath = $secpth->getSecPath();

Now you can work with the new $secretPath array. There is no method to get the current user path, so you would have to add one to the class. It basically would be exactly like the getSecPath method, only returning $this->userPath instead.

A different approach, you can always make the secret path and user path public to be able to access them from the script. So in the secretpath.class.php file, change...

private $secPath;

private $userPath;

to...

public $secPath;

public $userPath;

Now in your script you can process these...

$pathLength = count($secpth->secPath);

foreach( $secpth->secPath as $value ){
echo $value.' ';
}

$userPosition = count($secpth->userPath);

foreach( $secpth->userPath as $value ){
echo $value.' ';
}

The reason these properties where private is so that they can not be changed outside of the class. Making them public not only gives you the ability to read them, you can change them which can break the script, so be careful what you do.

You can reset the saved object by destroying it in the session...

unset($_SESSION['secpth']);

I do want to point out to anyone else reading this that we are working with a modified version of the class and they will need to read the entire thread to implement some of these new features.

Dave

I still have a problem with authHits

I used:

$attempts = $secpth->authHits;
if( $attempts == 8 ){
$secpth->authHits = 0;
}


When $attempts is 8, then $secpth->authHits goes to 0

I echo the values and find that $attempts was 8 and $secpth->authHits was 0 as you stated.

However, on the next click:

$secpth->authHits will equal 9
$attempts will equal 9

I expected both the values to be 1

Am I missing something.
I put the script on the example.php page.
Is there something else I need to do

Thanks

That would happen if it was placed after saving the object to the session, as I mentioned earlier. Make sure your code is BEFORE...

//save class object to session
$_SESSION['secpth'] = serialize($secpth);

Dave

Can we discuss soft and strong reset again.

For soft reset we have:
if( $secpth->validatePath(false) === true ){

For strong reset we have:
if( $secpth->validatePath() === true ){

Our secret path is: 1,2,3,4
Path 1 = example.php?link=1
Path 2 = example.php?link=2
Path 3 = example.php?link=3
Path 4 = example.php?link=4
Path 5 = example.php?test=5

We see that Path 5 has tracking variable test instead of link

Path 1,2,3,5,4 will be validated in soft reset since test is used instead of link in path 5

For strong reset, Path 1,2,3,5,4 will not be validated and sequence is reset to start from beginning regardless if test or link is used.

What I was hoping soft reset was that even if you entered the correct tracking variable but wrong path number, that it would not reset.

For example
Our secret path is: 1,2,3,4
Path 1 = example.php?link=1
Path 2 = example.php?link=2
Path 3 = example.php?link=3
Path 4 = example.php?link=4
Path 5 = example.php?link=5

We see that Path 5 has tracking variable link also in this case.

If we entered sequence, 1,2,3,5,4 it should be validated, even though wrong path number was entered with same tracking variable.

When the tracking variable is link for all paths then soft reset behave as strong reset.

The reason for this is that when you have a long secret path, there is always the chance of an error and so you want to give a break instead of having to start all over.
I know there would be cons against this but depending on application you would not want to irriate a customer.

Any comments

The reset happens in the validatePath method...

if( $this->userPath[$key] != $value ){

unset($this->userPath);
break;

comment out the line like this...

//unset($this->userPath);


The user path will no longer reset if the tracking variable is supplied and the user is on the wrong path. If using a soft reset, you will have to manually reset the users path using the processes we have discussed earlier. If using a strong reset, the users path will reset if the tracking variable is not supplied.

Dave