I have the following code on a web page that is entered by a number of unique URLs.
This web page cannot use history.back or other javascript as it is impossible to account for the amount of clicks on this page.
I came up with this solution below to try to get & save the original referer page URL for later use. Basically upon page entry if the SESSION Variable whodat1 is empty it should populate. The only problem is that session is overwritten each time a page refresh occurs.
How do I make this session permanent or not overwritten when the page refreshes?
<!-- back to map button-->
<?php
if(isset($_SERVER['HTTP_REFERER'])) {
if(empty($_SESSION["whodat1"]))
$_SESSION["whodat1"] = $_SERVER['HTTP_REFERER'];
//echo $_SESSION["whodat1"];
?>
<input type="button" value="Back To Maps" id="show" onClick="window.location.href='<?= $_SESSION["whodat1"] ?>'" style="height:30px; background-color:#006; color:white;">
<?php }?>
Refreshing won't make session disappear or expire. Make sure you have
session_start()
Related
I am on my page index.php. From here I go with a link to myform.php.
myform.php:
<?php
echo "My last visited page is:".$_SERVER['HTTP_REFERER'];
?>
<form action="success.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p><input type="submit" /></p>
</form>
The result I see on my page is:
My last visited page is http://www.mypage.com/index.php
Now I submit my form and come to success.php. Here I click my "back" button and come again to myform.php.
The result I see is now:
My last visited page is http://www.mypage.com/index.php
But what I expect here is:
My last visited page is http://www.mypage.com/success.php
You can use sessions..
Bottom of the success.php you can assign page name to sessions
$_SESSION['page'] = $_SERVER['HTTP_REFERER'];
When click on back button you can get that value using sessions(index.php),
echo $_SESSION['page'];
On that page at the bottom, you can assign current page name to session, then it can track on next page
The back button does strange things with variables and page refreshing. Try typing the http://www.mypage.com/myform.php address into the browser and seeing what happens.
N.B. I know this only deserves to be a comment, but reputation is a pain.
As you need to carry the previous info to forwarded page. Then it will be better if you use session. When you are visiting a page, store this current page in a session variable. Add this line at bottom on each page.
$_SESSION['page'] = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
And to echo
<?php
echo "My last visited page is:".$_SESSION['page'];
?>
So whole text will look like:
<?php
echo "My last visited page is:".$_SESSION['page'];
?>
<form action="success.php" method="post">
<p>Your name: <input type="text" name="name" /></p>
<p><input type="submit" /></p>
</form>
<?php
$_SESSION['page'] ="http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
?>
edit: Be careful when you are using multiple tab. Only latest info will be stored.
One way is, you can handle this by using PHP's _SERVER global, If the user first time visits your site, there will be no previous page, except that, the previous page will be last visited page identified by _SERVER, check out this script,
isset($_SESSION['current']) || $_SESSION['current'] = '';
// check for first visit to any page, initialize
if($_SERVER['SCRIPT_NAME'] != $_SESSION['current']){
// check if current page != previously recorded page
// order is important here in two lines, check it yourself
$_SESSION['previous'] = isset($_SESSION['current']) ? $_SESSION['current'] : '';
$_SESSION['current'] = $_SERVER['SCRIPT_NAME'];
}
You can make something like this, which ignores same page if user refreshes the page, disregarding the method being GET or POST.
You can include this script in common file to record the activity.
Array
(
[current] => /session/index.php
[previous] => /session/submit.php
)
I want to create a logout / sign out link from a 'members only' area of my website. So I created a logout.php script for this that the sign out link will navigate to and then I used header to redirect to index.php. My question is how do you prevent an user from navigating to the logout.php script by simply typing in the URL?
How do you prevent this for any instance for that matter?
For clarification:
I want users to logout using the sign out link ONLY i.e. by clicking on it; not by typing in the URL address of the logout script.
logout.php is as follows:
<?php
session_start();
if (isset($_SESSION['user'])){
unset($_SESSION);
session_destroy();
header ('location: index.php');
}
?>
You can stop that by making the logout.php a POST page rather than normal GET. One way of doing this is changing your Log Out link to actually be submitting a form, rather than just a normal link. Then on the logout page, check the form was really submitted before logging out. That will mean anyone just typing in the URL won't be logged out, while users clicking the link will be.
An example of this would be to make your HTML like
<form action="logout.php" method="post" name="logoutform">
<input type="hidden" name="logout" value="y">
Log Out
</form>
You'd probably want extra CSS to remove the form styling too.
The code in logout.php can be:
<?php
if ($_POST["logout"] == "y") {
/* Getting here means they clicked the link, so log them out */
}
?>
You can't stop them from typing logout.php in the browser, but this will ensure they will only actually log out when they submit the form (i.e. click the log out link). Just typing in the URL will get a blank page.
I want users to logout using the sign out link ONLY; not by typing in the url address of the logout script.
It is not really possible to avoid a visitor from changing the address bar URL in their browser. There's no real way to determine how the user accessed logout.php -- by typing in the URL directly or from a page on your website.
I think you're approaching the issue from the wrong perspective, but if you really want to do this, I'd suggest using a session variable.
This is a basic logout in PHP.
<form action="index.php" method="post">
<li>
<i class="fa fa-fw fa-power-off"></i><input type="submit" name="cerrar" value='Cerrar sesiĆ³n' style="outline:none;padding: 0; border: none; background: none;">
<?php
if (isset($_POST['cerrar'])) {
session_start();
session_unset();
session_destroy();
header("location: index.php");
exit();
}
?>
</li>
</form>
<body>
<?php
if(isset($_POST['vendor_add_submit'])){
//INSERT INTO DB
unset( $_POST['vendor_add_submit'] );
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" >
<label>Email</label>
<input type="text" name="vendor_email" value="" />
<input type="submit" name="vendor_add_submit" value="SAVE" />
</form>
</body>
unset( $_POST['vendor_add_submit'] ); is used to prevent more than one time insertion into db on page refresh. I tested with print_r($_POST['vendor_add_submit'] ) before and after the unset and found that the unset() function does not work.
How can I achieve the purpose of the unset function, plz?
Unset isn't going to stop the refresh from being able to replay the POSTed data to the script. The unset function eliminated it for the remaining execution of that script, but a refresh is a fresh execution.
You could simply re-direct the browser to the entry pageafter doing your insert, that way a subsequent refresh will be safe.
//INSERT INTO DB
//...
header('Location: samepage.php');
exit();
I'm sure there are other ways to accomplish this as well.
Your approach cannot work, you would just be editing the data that the PHP script has recieved. If the user refreshes the browser then it will submit the same data again, and PHP will populate a fresh new $_POST with the data the browser sent.
If you want to stop a refresh resubmitting the data, then use the POST-REDIRECT-GET pattern.
The $_POST value will only be removed on the Server-Side Meaning that on that one request PHP will not be able to see or use it (You removed it).
But you are rendering the Submit button on the page's HTML so every time someone visits the page and submit the form they will submit the value again. And you will remove it again for PHP on that current request. So every request would insert the data into the database.
You might want to rather look into rather checking if the record already does exists (OR if the user has one already, not sure what you want) and then redirect them away from the page using header('Location: otherpage.php');.
Hope that helps...
On the page 'selecteditems.php' I have a form like this:
<form method="POST" name="selecteditems" action="nextpage.php">
....i have some code here to display the values of the SESSION array in a table....
<input type="button" name="clear" value="Clear Session" onclick="window.location='selecteditems.php'">
<input type="submit" name="next" value="Go to Checkout">
</form>
Before the form on the 'selecteditems.php' page I have some code to add data ($_REQUEST params from the page that called 'selecteditems.php') to a $_SESSION array (this is working fine).
Inside the form I have some code to display everything inside the $_SESSION array (this is working fine). If the session is empty it should print "session is empty".
My problem:
I want to be able to click on the "Clear Session" button and have the session destroyed as well as the 'selecteditems.php' page reloading to say "session is empty" . If, the "Go to Checkout" button is clicked i would like to simply be sent to the nextpage.php page.
Any help would be appreciated in getting the 'selecteditems.php' to reload and echo "session is empty" after i have deleted the session.
Just put your clear session button as submit button with type="submit" (you have it as type="button", which has inconsistent behaviour across browsers does nothing) and then you can just treat it as a normal submission process:
if(isset($_POST['clear'])) {
session_destroy(); // Or other session-unsetting logic
header("Location: selecteditems.php"); // Reload your page
}
if(isset($_POST['next'])) {
//next page logic
}
You might not even need to reload the clear session page. For the 'session cleared message' you could either add the logic to the $_POST['clear'] block, or redirect to 'selecteditems.php?msg=cleared' and search for a $_GET['msg'] and output the correct message, up to you :)
I have a form in the homepage of a site, used as an include, that asks "Enter your zipcode", and with simple if else statements in the PHP file, it shows the preferred location (as provided by the client).
On submit, the location part simply uses the $_POST feature, and with some simple if else, locations are shown.
The problem i am having is carrying that value over to other pages. Once a zip code is entered and a result is shown, that result needs to carry over to other pages, but it doesn't I am having a hard time figuring that out.
/I've added a link -- */
http://www.subigya.com/stackoverflow/zipcode
Files:
http://www.subigya.com/stackoverflow/zipcode/zipcode.zip
I'm realizing some different problems now, and i can't get simply get sessions to run, i don't know why.
POST and GET are only carried to the page you request it to. session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
If you do indeed have the zipcode as posted, then you can simply retrive it on the next page with $myzip = $_POST['zipcode'];
to do it with session you must:
session_start();
on the top of the pages and set the vairable w/ $_SESSION['zipcode'] = 'myzipcode'; or to retrive the value $myzip = $_SESSION['zipcode'];
PHP Session
Update w/ Your Current Code in process.php:
<?php
session_start();
if(count($_POST)>0)
{
$zip = $_POST['zipcode'];
$_SESSION['zipcode'] = $zip;
} else if(isset($_SESSION['zipcode']))
$zip = $_SESSION['zipcode'];
echo 'Current zipcode in session: ' . $_SESSION['zipcode'] . PHP_EOL;
if ($zip=="00000"){
echo'
<div id="result1" class="zipcodeResult">
<p><span class="locationName yellow">Location Name</span><br />
Address 1<br />
City, Texas 77025<br />
888.88.8888<br />
GM, <span class="underline">John Quest</span><br /><br />
Menu | Catering | Private Dining<br />
Take Out | Map & Hours<br /><br />
Change My Location</p>
</div>';
}else {
unset($_SESSION['zipcode']);
echo '
<div id="result6" class="zipcodeResult">
<p><span class="locationName yellow">Unrecognized Zip Code</span><br />
The zip code you have provided <br />
is out of range. <br /><br />
We primarily serve <br />
the greater Houston area <br />
in the state of Texas.<br /><br />
<a href="search.php" class="backtoSearch"> Click here to enter <br />
another zip code.</a></p>
</div>';
}
?>
Here is just a simple modification to your existing process.php. I added session, and basically stores the entered zipcode into session variable $_SESSION['zipcode'];. Every time a user enters the zipcode in process.php it'll display what is placed into the session var zipcode. Since you have it in an iframe, to see if the session is working simply just click on the link that you have echo out, which should point to itself. If you were using GET or POST, the Session var zipcode would not show up, but it would if you are using Session. Hope this helps.
Using PHP there are multiple ways of transferring information form one page to another
1) Sessions (http://no2.php.net/manual/en/book.session.php)
On one page:
$_SESSION['someKey'] = 'someValue';`
On another page:
echo $_SESSION['someKey'];
For sessions to work you need to run session_start(); at the top of both pages (and indeed every page you want the session to exist).
2) POST (http://www.php.net/manual/en/reserved.variables.post.php)
3) GET (http://www.php.net/manual/en/reserved.variables.get.php)
If you need the zipcode only for time being and you don't need it to be persisted for the user, then you can either use session to store it for the entire session.
You can also use GET (adding the zipcode in the query string) if you move from one page to another. This is suitable, if you need to carry it along for a minimal no of pages and you do not have too many things to be carried along.
POST is another way of doing it and in that case you shall have to use cross page posting.
If you feel that the data should be persisted in the user's preference for future use, the best will be to put it in the user-profile and use it.
Using session or keeping it in the user-profile has one benefit that you can use it on any page across the site. You do not need to explicitly carry it around. But for POST and GET, you need to take the data to the other page explicitly. This might need some management.