I am working on a darksite project in case of crisis. For this project we want to prepare a specific case.
We need to inform the user visiting our website of the crisis (e.g. our factory has an electrical failure). We want to show him this specific page of information only the first time he comes to our website. For the next visits, he must visit our classical homepage.
How can we target and identify a user to redirect him only once to the alert message (when he first logs in)? Are there any solutions like those for retargeting Google or Facebook via cookies? If yes, what kind of cookie?
Our website is powered by Drupal 7. Can Drupal handle this case?
Thank you for your ideas.
From the drupal docs:
https://api.drupal.org/api/drupal/modules!user!user.module/function/user_cookie_save/7.x
What you can do is: You first check if a cookie has been set. If not, then you set it. The next time the user visits your site, he/she will have a cookie so the logic gate will be passed.
Here's an example that you can use in your header file in drupal:
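// user_cookie_save() takes an array of values and stores each listed field as a
// cookie named "Drupal.visitor.<field>"; PHP exposes it in $_COOKIE with the
// dots replaced by underscores.
if (!isset($_COOKIE['Drupal_visitor_some_descriptive_cookie_name'])) {
  user_cookie_save(array('some_descriptive_cookie_name' => '1'), array('some_descriptive_cookie_name'));
  drupal_goto('temp/page/here', array(), 307);
}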
drupal_goto is documented here: https://api.drupal.org/api/drupal/includes%21common.inc/function/drupal_goto/7.x
Good luck.
There are two approaches:
You can do it using JavaScript's localStorage
You can do it using PHP's $_SESSION[' ']
Both follow the same mechanism: when the user loads the webpage for the first time, set a variable to true. On the next visits, check this variable; if it is set to true, don't load the first page and redirect to your classical page.
Drupal can handle almost everything.
What I would do is to create a boolean private field in the users profile to store if the user already saw that particular page.
Following this approach you can also make reports about how many users have seen that page, or know if a particular user saw that page. Using fields gives you a lot of power in Drupal.
How can you store this value when the user sees the page? Check the Rules module, and don't forget to activate the Rules UI so you can configure this action triggered by the mentioned condition.
You can use hook_user_login.
function MODULE_user_login(&$edit, $account) {
  // The user has never logged in before.
  if ($account->access == 0) {
    // Redirect user when first login.
    $_GET['destination'] = 'redirect_url';
  }
}
I have a drupal website and I am trying to integrate an API of a control panel I am integrating the login of into the drupal site. In the API I must define a logout link mywebsite.com/logout that tells the user he or she has logged out.
However, I want it to go back to the login page and display an alert.
I was hoping there was a way in which I define the logout link in the API as mywebsite.com/login?=logout or something like that.
When the user logs out of the control panel, then it sends the user to mywebsite.com/login?=logout.
I have HTML code I would like to be displayed on the page when the URL includes ?=logout. I have the HTML code for the dismissible box that appears on the top of the page already. However, I do not know how to implement it so that it only appears when the URL is mywebsite.com/login?=logout
Thanks!
You can do like.
if(isset($_GET['logout'])){
echo "<script>alert('test');</script>";
}
Hope it helps you.
PHP is a server side language, so, in order to do that, you would need to keep an open connection with every user that visits it. It is not very good idea to do that unless necessary.
Since this is a simple task, PHP can output a simple metacommand in the HTML code, as follows:
<meta http-equiv="refresh" content="300; url=http://www.yourwebsite.com/yourloginscript.php?action=login">
That alone will not do the job though, because if the user navigates back the web page will serve the page normally. No. You also need to make the cookie expire after a certain time; this can be done like this:
// Get the $username first; it can be stored in the SESSION.
// setcookie() expects the expiry as an absolute Unix timestamp.
$Logtime = time() + 300;
setcookie('username', $username, $Logtime);
Remember to set the $Logtime to 300 seconds. Refresh this on every visit to the website, so that the 300 seconds start every time the user opens a page. Check the validity of the cookie on every visit to make sure the user is still logged in. With this, you will get the functionality that you want.
Another way to do it, is using:
<meta http-equiv="refresh" content="300; url=http://www.yourwebsite.com/yourloginscript.php?action=logout">
And simply have the script log the user out at that moment, like this:
// Clear the username (an empty value makes PHP send a delete for the cookie).
setcookie('username', "", $Logtime);
Be aware that this will not work if the user has somehow disabled HTML forwarding, and there are various ways to disable automatic forwarding.
Even another method to do it would be to have a timer in JavaScript to do the job, and forward to a "logout" URL after the time elapses.
I would personally use a combination of them all just to make sure.
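The inactivity check described in the answer above, as an added example that is not part of the original post: it keeps the last-activity time in server-side session data instead of relying on the cookie's expiry, because a value and lifetime held in the browser can be edited by the user. The function name, session keys and timeline are assumptions made for the illustration.

```php
<?php
// Added example; the 300-second limit mirrors the answer above.
const IDLE_LIMIT = 300; // seconds of inactivity before logout

/**
 * Decides, from server-side session data only, whether the login is still
 * valid at time $now, and restarts the idle window if it is.
 * $session is passed by reference so the function runs without a real HTTP
 * session; in a page you would pass $_SESSION and time().
 */
function session_still_valid(array &$session, $now) {
    if (empty($session['username']) || !isset($session['last_activity'])) {
        return false;                     // not logged in
    }
    if ($now - $session['last_activity'] > IDLE_LIMIT) {
        $session = array();               // expired: drop all login state
        return false;
    }
    $session['last_activity'] = $now;     // sliding window restarts on every page load
    return true;
}

// Constructed timeline: page loads at these timestamps after a login at t=1000.
$session = array('username' => 'alice', 'last_activity' => 1000);
foreach (array(1100, 1390, 1700, 1710) as $t) {
    $state = session_still_valid($session, $t)
        ? 'logged in'
        : 'logged out, redirect to login';
    echo "t=$t $state\n";
}
```

The meta refresh or JavaScript timer then only improves what the user sees; the server refuses the stale session whether or not the browser follows the redirect.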
I have a website with 2 types of membership, let's call them "basic" and "premium". What I want to happen is for site links to redirect the user to the relevant profile page based on their membership status, but I don't want there to be too much emphasis on what type of member they are in the url. I'll try to explain it better:
username_1 = Basic Member
username_2 = Premium Member
URL Redirection
website.com/basic.php?user=username_1
website.com/premium.php?user=username_2
Output
website.com/username_1
website.com/username_2
Any ideas how this can be achieved and if it can, how would the direct linking be effected, i.e. typing www.website.com/username_1 directly into the browser?
I assume you already have a working user system, and some kind of routing so that anything after the website.com/ is matched as a username. In the code that handles the user profile page, you have access to the username, and can get the user's profile from that.
Assuming you store the user's membership type in the profile, simply just check for that value and include the appropriate view. Might not be the best practice and how things are usually done, but here's a sample:
$user = get_user_from_db($username);
if ($user->member_type == 'basic') include 'profile/basic.php';
else if ($user->member_type == 'premium') include 'profile/premium.php';
It's not so much of the link redirection that matters. What matters is how you handle the user when loading his or her profile page.
Your case could be resolved with php login system with admin features:
http://evolt.org/node/60384
I am very curious because I would like to be able to check this myself on my own site, as I am currently in the process of designing it. An example would be:
www.somesite.com/product.php?id=1356
When using Facebook, a user can change it and they get the user associated with this id. But in other sites, specifically Ecommerce sites, when I change it, it either fails or goes to the homepage.
There isn't any way to see if the user changed it. This is part of secure coding. From the server's perspective, you need to validate all of your inputs, and validate that the current user actually should have access to the resource they're requesting.
See https://www.owasp.org/index.php/Top_10_2010-A4 for some additional details and examples.
Facebook may seem to allow this only for the example that you've given because the user profile ID that you're attempting to access may be public to you. However, you won't have access to all other user profiles - only user profiles that you have permission to access. If you tried to access my Facebook profile ID, you would also see your access be denied here.
Since this is tagged as e-commerce, you should also be aware of the PCI DSS if you aren't already - where 6.5.4: "Insecure direct object references" applies specifically to this scenario.
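A server-side check of the kind this answer describes, as an added example that is not part of the original thread: the id from the URL is validated, and the lookup itself is restricted to rows owned by the logged-in user. The orders table, its rows, the function name and the use of an in-memory SQLite database (PHP's pdo_sqlite extension) are assumptions made so the example runs offline.

```php
<?php
// Added example: constructed schema and data, not from the original thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner_id INTEGER, item TEXT)');
$db->exec("INSERT INTO orders VALUES (1356, 7, 'lamp'), (1357, 8, 'desk')");

/**
 * Returns the order row only if $rawId is a well-formed id AND the order
 * belongs to $currentUserId. Returns null in every other case, so the caller
 * answers "malformed", "does not exist" and "not yours" identically.
 */
function load_order_for_user(PDO $db, $rawId, $currentUserId) {
    // 1. Input validation: a plain integer within the expected range.
    $id = filter_var($rawId, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 2147483647)));
    if ($id === false) {
        return null;
    }
    // 2. Authorization: the owner check is part of the query, and the id is
    //    bound as a parameter rather than concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, item FROM orders WHERE id = :id AND owner_id = :owner');
    $stmt->execute(array(':id' => $id, ':owner' => $currentUserId));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The user id comes from the server-side session, never from the URL.
$sessionUserId = 7; // constructed: stands in for $_SESSION['uid']

// Constructed requests: own order, someone else's, nonexistent, malformed.
foreach (array('1356', '1357', '99999', '1356abc', '-1') as $requested) {
    $order = load_order_for_user($db, $requested, $sessionUserId);
    echo "id=$requested -> " . ($order === null ? '404 Not Found' : $order['item']) . "\n";
}
```

Only the first request returns a row; changing the id in the URL to another user's order gives the same response as an id that does not exist.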
When using Facebook, a user can change it and they get the user associated with this id. But in other sites, specifically Ecommerce sites, when I change it, it either fails or goes to the homepage.
Facebook does the same thing.
https://www.facebook.com/profile.php?id=102934810293841029348 goes to an error page titled "Profile Unavailable", because that ID doesn't exist.
You're likely just changing it to nonexistent IDs.
That works via $_GET method (or $_REQUEST)...
The reason you can change some site id (or any other parameter which is part of the url), and it works, is that because they programmed it to behave like that. It actually depends of how this url parameter is used in the background. For example, in product.php you will have something like this:
if (isset($_GET['id'])) {
  $id = $_GET['id'];
  // filterid() is a placeholder for your own validation routine ... and so on
  $id = filterid($id);
  // Maybe check for id and redirect if id is not ok
  // Maybe check for id and some additional secret parameter ...?
  // What is the id? What kind of behavior you want?
}
Reason why you have different behaviours across different websites - in dependence of url parameters (in this case "id") - is because different behaviours are implemented under different circumstances...
Some of them implement strict checks (especially for id's) because of the security!? For example, if you have page and you know that your id must be a number, and you know, that the max id in your database is for example 15000, you can write something like this....
if (isset($_GET['id']) && is_string($_GET['id']) && strlen($_GET['id']) <= 5 && ctype_digit($_GET['id'])) {
  // ctype_digit() accepts digits only; is_numeric() would also accept values such as "1e3" or "-5"
  $id = (int) $_GET['id'];
  // if everything is ok you can execute your code here
}
else {
  $id = 1; // if someone tries to put something else in id, you will simply redirect him to the first id (first product)
}
That is just one example of behaviour. Now consider what else can be done? What do you want to do? How do you want it to behave? What kind of behaviour you implement on your side, depending on the parameters within the URL, is totally up to you. The user can follow your logic in your web app by clicking on your predefined links, or he can manipulate the URL however he wants. You don't have the possibility to check this. All you can do is properly validate all of the inputs (no matter whether they come from the URL or from some kind of POST request).
I am making a twitter application using PHP. Please excuse me if this question is elementary. In my application, the initial landing page (index.php) contains code for login/oauth. If the user logs in successfully, should I load a new page altogether or simply echo html that renders the user's profile page. For example:
if(login success)
{
load a file that renders selected user's profile page
}
or something like
if(login success)
{
echo html that renders a profile page.
}
If I understand correctly, you're trying to decide what to show the user once they log in. Rather than think what you should show them, what does the user want to do right away? Why do they use your site? If users want to see their profile right off the bat, then do that. If they want to see feed activity, show them that. To start off, you may want to create a simple page that acknowledges they are logged in and give them their major options. Track what users click and see what that tells you. If the vast majority use feature X immediately, then consider loading feature X first. If the users are all over the map, let them pick what they want to do, record it as a preference in their profile, and load that automatically.
In the end, the best thing to show a user when they log in is the first thing they most want to see. :)
I'd recommend looking into the use of some sort of PHP MVC framework.
Background: I have a website, which we'll call AwesomeSite.com; it handles all of my traffic. Additionally, for the purposes of marketing I have a second domain, which we'll call PromoForAwesomeSite.com; it redirects all traffic straight to AwesomeSite. Both sites are built using PHP, MySQL, and Apache.
Problem: I want to serve up different content to users based on how they came to my site. Specifically, I want to show promos if the user was redirected from PromoForAwesomeSite.
Question: How can I detect that a user came from PromoForAwesomeSite and thus create a different session state for them?
p.s. I am well aware of the shortcomings of this approach, in that once a session cookie is deleted promo users cannot see the promo content unless they revisit the redirect site (not likely). Unfortunately, this cannot be helped.
You can utilize the $_SERVER['HTTP_REFERER'] and see if it contains PromoForAwesomeSite.com in the referrer string. For instance something like this:
session_start();
// The header may be absent, and host names are case-insensitive, so guard with isset() and compare with stripos().
if (isset($_SERVER['HTTP_REFERER']) && stripos($_SERVER['HTTP_REFERER'], 'PromoForAwesomeSite.com') !== false) {
  $_SESSION['from_promo'] = 1;
}
As referrers can be blocked by browsers, you might look into the possibility of sending a GET param in the redirect string from the promo site. Not sure how you are redirecting from your promo site, but if it's PHP you can do something like this; if not, you will get the idea of what I mean :)
header('Location: http://AwesomeSite.com/index.php?from=promo');
exit;
So instead of (or in addition to) checking the referrer you can also check for this string and save it in the session.
In your case the referrer won't be carried on if you do an automatic redirect at landing time. Thus, if I were you, I would handle it like this:
1. On PromoForAwesomeSite.com
header('Location: http://www.awesomesite.com/promo.php');
exit;
2. On AwesomeSite.com
a. Create a promo.php gateway page
b. On the gateway page
setcookie('Promo', '1', time()+(5 * (24 * 3600))); // five days promotion cookie - adjust it
header('Location: http://www.awesomesite.com/index.php');
exit;
c. On the index.php
// !empty() avoids an undefined-index notice when the cookie is not present.
if (!empty($_COOKIE['Promo'])) {
  // show promotion
}
This way you will solve the issue with the session as well.