Unique ID in PHP vs. $_POST Form

Here's the idea: User hits a page where he can create an "item. On this page he can upload files and before submitting form (powered by Flash for users with Flash/Javascript support and powered by pure PHP + 5 file unputs + iframe for users without Flash/Javascript). It needs to stay on the same page.

When user hits a page I'm using this snippet to create long unique ID:

$random_id = hash('SHA512', (time() * microtime()) . mt_rand(1, 1000) . mt_rand(1, 1000) . uniqid((time(开发者_如何学C) * microtime())));. This variable is stored in session. Anyway, I need to recreate it every time user hits this page (because he may cancel adding item this time and decide to add it few minutes later). I store it also in hidden input in frontend (to let Flash/HTML form send this variable with $_POST array)

When user uploads a file with Flash/Javascript OR when he uploads a file using PHP/iframe I'm validating files, renaming & moving them to a temporary directory with temporary name ($randon_id).

When form is submitted I'm using $random_id to find uploaded files and add correct item id to files table.

Now I'm facing quite big problem. Os course I use frontend validation (but it's a kind of "toy", only to increase usability) so I need to validate form by PHP. Sometimes happen user provide incorrect data (incorrect format, etc.). When user hits submit button, page reloads. And now I come with my problem:

When page is reloaded $random_id changes as it's being refreshed. So, hidden input in HTML form (once again, it's used by Flash form and HTML form as well). How to avoid this?

To clarify: No, I don't want to block my website for users without Flash/Javascript. Accessability is a key for me, this website needs to work for anyone (with and without Javascript/Flash, etc.).

PS. I'mg using KohanaPHP framework.

Regards,

Top

If I understand you correctly, just dont set a new unique ID value in the session if one is already set. ie check if it already exists for the session and use that if it does. Then each page load by the user will have that same ID until the session expires/ends.