I have some php code like following lines of code when clicking on the image it goes to different departments.
Departments.php?DepartmentsID=6?&CampusID=1
which shows in url when click on it.
How I can easily encrpt it so that it doesnot show in url same is the case with downloading some file.
download.php?filename=abc.pdf?
how i can disable or encrpt the code so that i didn't show up in url.
thanks
want to hide varibles that as passing through html link
as far as I understand you want to pass some kind of token as the link and not something readable like the filename or an id to your site to handle the request. (the user only sees tokens and nothing else)
so clicking on a link gives you something like Departments.php?action=907fgash6f8906a6asf6g...
If you want something like that you would need some kind of database to store your tokens so your code knows what to do on a given token.
Or you could use actual encryption which you would have to decrypt and of course keep your key hidden and secure.
I don't understand why you need to do all this. If you can give more insight on why you want to do this there might be a better solution
In your PHP form change or set the method as method = "POST".
You're using the URI as a GET parameter which is where you are receiving such complications. You can choose a more MVC related method to approach this:
www.example.com/6/1
The above example represents the Department ID as 6 and the Campus ID as 1 using a router. I suggest using AltoRouter.
$router = new AltoRouter();
$router->map('GET|POST', '/[i:d]/[i:c]', function($department, $campus) {
echo "Department $department on Campus $campus.";
// Add your code logic
}, 'Name of route');
$router_match = $router->match();
if($router_match && is_callable($router_match['target'])) {
call_user_func_array($router_match['target'], $router_match['params']);
exit();
}
// Some 404 stuff.
This can be used for mutli-mapping meaning you can change the download link to whatever you like, for example just unique file ID's that the end user must know to access it and on top of that, it could be a RBAC file before the download so only X users can download / view certain topics.
This repeats some of the info answered by others:
use POST, this only removes the ability to read the data in query URL but is still in clear text.
Ensure SSL is enabled for transport encryption
Use encryption at the message layer, the actual text itself can be encrypted if you so desire
Extra note, if the data is that sensitive and is stored at REST say in a DB, you may want to encrypt it there as well.
Basically "defense in depth" is the approach, there is never a silver bullet
Related
When I submit my form on PHP, I wish to create a temporary URL containing the POST information from the PHP. Also as there will be sensitive details, I also wish the link to auto-delete in 24 hours.How can I achieve this? Any suggestions? I heard of using tokens but I am new to this. Thanks
You should generate a random token for the filename. Create a file with that name and output your data.
If you wanted to delete them after an x amount of time, you either need a function that is running all the time, or you can validate the file's age before outputting the content.
you could use a router for that?
https://github.com/dannyvankooten/PHP-Router
any router could help you to generate "dynamic" url. where the URL comes to a method parameter.
hope it gives you an idea.
I know two ways for sending an ID to another page:
as URI segment. exemple: http://mypage.com/index.php/ID
as an input field in a form using POST or GET methods.
Is there another way than these tow?
The purpose is to have a list of records. When the user clicks on one of them, s/he gets the full details of the selected record in a different page.
"Is there another way than these two?"
You can store it in $_SESSION too. If that what you are curious about.
But it's not the best way with your current problem.
Simply use GET (www.yourpage.com/records/THEID)
Well, you might consider this to fall under your first option of a URL segment, but "URL segment" usually means some part of the URL before any GET parameters...just to make sure you're aware of this, you can also put in GET parameters in a URL yourself without creating a form.
These days, URI segments like index.php/123 are popular, but traditionally the way to link to a detail page like that was index.php?id=123; then you can access the ID using $_GET['id'].
This is one of those situations where I feel like there is a simple answer right in front of me...hopefully you guys/gals can show me the light.
PROBLEM :
I have a client that wants to maintain a query string across all pages on their site, only if they arrived at the site via a link that contains the query string.
This query string would also need to be passed with any external link from the site.
INFORMATION :
An example of the query string :
?utm_medium=<ad_placement>&utm_source=<ad_source>
(Obviously this is for tracking conversions from ads)
We're currently tracking all this stuff via Google Analytics (so, yes, I know that's an alternative), this is for an extra layer of reporting.
I did not code their site, which brings it's own set of issues (example: I'm not even sure they use a common header among all pages) - so I'm hoping there is a KISS answer out there for this.
Any suggestions?
If you just want to persist this exact query string on each page, why not set the linked pages to insert the string into a session variable. Then on each page link check to see if the session variable exists and add it to the query string when redirecting.
So - the answer here was this :
Use JS to grab the query string
Validate the query string
Add to a cookie
Append the cookie'd query string to every href in the DOM
Like I said...I knew there was a simple example staring me in the face haha!
This question is old and obviously must have been solved by now by #aepearson.
Adding another answer from current day perspective.
Now, one can also easily use sessionStorage also to save navigation data into a key. Pick it up whenever required, and add to url.
Example from Mozilla
// Save data to sessionStorage
sessionStorage.setItem('key', 'value');
// Get saved data from sessionStorage
var data = sessionStorage.getItem('key');
// Remove saved data from sessionStorage
sessionStorage.removeItem('key');
// Remove all saved data from sessionStorage
sessionStorage.clear();
OK - Thanks for taking the time!
I am using WP on a CentOS 6 server. I have a plug in with the functions, I have a function that makes a DB call and populates relevant products based on $_GET variables, I took from one of the other project and modify it so it works! But here where I run in to the problem, I go to the main page and i have a function that gets called first, goes through the URL name and determines the categories id and then from that I need to pass that to the URL so that when the next function then calls $_GET["category_id"] and that ID is there and ready to be use and it it does its magic. (all staying on the same page no refreshing or anything)
So I need to put that on the URL as the page is being loaded and so that I can use it (Again i get the variables from a function that is doing all the work with the address for relevant info,) So how do i do it? HTML or PHP, and a straight forward way no extra installs would be nice :)
Edit 1:
So is there something then I could integrate in that would be simple and straight forward that would allow me to do a mini refresh and get the right variables in place, never used JavaScript but seams to be getting or something in php ... Ideas are welcome :)
You can with javascript and the history API
The only way you can change the url without actually redirecting the user is by using the pushState method.
e.g. open a console and copy and paste this:
var stateObj = { foo: "bar" };
history.pushState(stateObj, "changes url to stackoverflow.com/yes-you-can", "/yes-you-can");
You won't be redirected, and the url of your browser will change unless, basically, you're using IE 9 or less. You can see a demo of this on html5demos.com
OK here is how I am going to get around this problem I am having
I made a new table in the DB and then I already have a list of the Domain We are using, so then I am going to give to the customer there are three columns and they will manually enter the fields and it will be on them to manage and change what they want displayed on the webpage.
CVS import and then BAM! done! just pull $_SERVER["SERVER_NAME"] and then compare that to the domain column and done! (I will have what ever cat's and sizes they want and it will not be on us to create any complicated functions and if statements for exceptions and it is in there hands!)
Not the exact answer I wanted to get but much easier and not so much complicated :)
I've been using the Facemash-like script. But the problem is that while rating people when we actually point our cursor towards a picture for every image there is a URL like:
rate.php?winner=XXX&loser=XXXX1
So, if we directly type this in the address bar the trick works! Hence there is chance for users to hack for their scores. I know we can change the GET methods to POST methods. And I've searched for this and nothing really helped me out. The links to the files(rate.php and index.php) are also included in the comments of this question.
I'm making my own Facemash-like engine and here's what I do.
I store two challengers' ids in PHP $_SESSION. Before displaying the new pair I check if $_SESSION is set and if it is I just display them instead of taking new pair from a database. This prevents cheating by refreshing the page until you get your photo. I did it because the community I'm making facemash for is relatively small.
So links look like vote.php?v=left or right. In vote.php I get ids from a $_SESSION['right'] and $_SESSION['left'] and then unset them. I looking forward to publish my script some day.
Yes, if you change from GET to POST then the parameters will not be displayed in the URL upon submission.
http://www.w3schools.com/php/php_post.asp
Instead of relying on GET/POST to determine the comparison, store the data in $_SESSION instead, and only let the user pick 'image1' or 'image2', then invalidate and create a new comparison after a choice is made.
Example site - form only lets you choose 1 or 2