I'm trying to find a way to make it so that you can check if your current page url contains things like 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 the problem is this format could literally go on forever and at any random time I would need to make it so that one of the numbers doesn't display.
Currently I'm using a system like this to gather the current page URL.
$d = explode('?', $_SERVER['REQUEST_URI'], 2);
echo 'http://' . $_SERVER['HTTP_HOST'] . $d[0];
However I'm unfamiliar how we could simply check the URL for certain parts and then redirect it back to the index page.
EDIT: This is my current code (Note I'm using laravel).
if (strpos($d, '19') !== false) {
header( 'Location: http://example.com' ) ;
} else { ?>
<form class="form-horizontal" role="form" method="POST">
{{ csrf_field() }}
#if( strlen( $link->password ) )
<p class="bg-warning" style="padding: 8px;">Enter password to continue</p>
<input type="password" name="password" class="form-control" style="margin-bottom:1.5rem;">
#endif
<button type="submit" class="btn btn-primary">{{ $link->text }}</button>
</form>
<?php } ?>
Sorry for the messy code, Just trying to figure out how I can achieve this without having numerous strpos and actually have it echo out the form as right now it does not.
if you get data from url and page is like this test.php?id=1 you directly access the data using $_GET method and process them. In my case i access the dirctly $_GET["id"], its return value 1. so you directly compare value.
Thanks.
You're in luck, that feature is literally built-in to php!
<?php
echo $_GET['id']; //fetches whatever is after the id= (and before the next '&') example.com?id=WhateverComesHere
?>
Related
$_POST won't recognize the value mailuid from the login form on this page or others (profile page).
$_Get methods do not work because of how the login system is built and unsecured.I need mailuid value to bring them to their own profiles page after login.
Login Form since its's post method I should be able to grab the value on other pages and this one
<div class="modal">
<div class = "modal-content">
<section class="section-default">
<h1>Login</h1>
<?php
if (!isset($_SESSION['Id'])) {
echo'<form action="includes/login.inc.php" method="post">
<input type="text" name="mailuid" placeholder="Username/E-mail...">
<input type="password" name="pwd" placeholder="Password...">
<button type="submit" name="login-submit">Login</button>
</form>';
} else if (isset($_SESSION['Id'])) {
echo '<div class="signup12">
You Do not have an account? Sign Up
</div>
<div class="forgotpwd">
Forgot your password?
</div>';
}
?>
</section>
</div>
</div>
Temporary check for the mailuid value. Supposed to grab the value form the login form a spit it back out, to check to see if it is recognized
<?php
$user = $_POST["mailuid"];
if (isset($_POST["mailuid"]))
{
$user = $_POST["mailuid"];
echo $user;
echo " is your username";
}
else
{
$user = null;
echo "no username supplied";
}
?>
First I would clean this up:
$user = $_POST["mailuid"];
if (isset($_POST["mailuid"]))
{
$user = $_POST["mailuid"];
echo $user;
echo " is your username";
}
else
{
$user = null;
echo "no username supplied";
}
Instead it can be written more concise:
$user = isset($_POST["mailuid"]) ? $_POST["mailuid"] : false;
if( $user ){
echo "{$user} is your username";
} else {
echo "no username supplied";
}
I prefer Boolean false over NULL, null just means it doesn't exist. Boolean false lets you know you checked it and it didn't exist. Generally should should access $_POST as few times as you can. This is because you should never trust $_POST.
$_Get methods do not work because of how the login system is built and unsecured.
Post is no more secure than get, it's quite easy to post anything to the page even without visiting the site by using something like PostMan etc. Once you assign it to a local variable you know you have at least normalized the data, even if you haven't sanitized it yet.
Also don't forget to call session_start before trying to access $_SESSION. Because of the vagueness of the question, it could be that the form works fine, just the session data isn't being maintained because you haven't started the session yet.. etc....
Hope it helps.
Personally I would clean up the HTML part that makes the form as well, so instead of this:
<div class="modal">
<div class = "modal-content">
<section class="section-default">
<h1>Login</h1>
<?php
if (!isset($_SESSION['Id'])) {
echo'<form action="includes/login.inc.php" method="post">
<input type="text" name="mailuid" placeholder="Username/E-mail...">
<input type="password" name="pwd" placeholder="Password...">
<button type="submit" name="login-submit">Login</button>
</form>';
} else if (isset($_SESSION['Id'])) {
echo '<div class="signup12">
You Do not have an account? Sign Up
</div>
<div class="forgotpwd">
Forgot your password?
</div>';
}
?>
</section>
</div>
</div>
I would do something like this:
<div class="modal">
<div class = "modal-content">
<section class="section-default">
<h1>Login</h1>
<?php if (!isset($_SESSION['Id'])){ ?>
<form action="includes/login.inc.php" method="post">
<input type="text" name="mailuid" placeholder="Username/E-mail...">
<input type="password" name="pwd" placeholder="Password...">
<button type="submit" name="login-submit">Login</button>
</form>
<?php }else{ ?>
<div class="signup12">
You Do not have an account? Sign Up
</div>
<div class="forgotpwd">
Forgot your password?
</div>';
<?php } ?>
</section>
</div>
</div>
See how much cleaner that is. Most of this is just readability issues. For example there is no need to check if isset($_SESSION['Id']) in the else if condition, because it's either set or not. This is one less place to maintain the session variable key, and it makes the code less convoluted.
As for the actual problem, as long as you are reaching the above code after submission of the form, it should work. So that leads me to believe that you have something wrong in the action.
You should get a clean page after going to includes/login.inc.php meaning there shouldn't be much in the way of HTML. One thing you can do that is real simple is just add at the top:
die(__LINE__.' of '.__FILE__);
$user = isset($_POST["mailuid"]) ? $_POST["mailuid"] : false;
//... other code
What this will do is die which kills PHP execution, but outputs the argument you passed in. In this case I'm just putting the line and file that the die is on, that way it's easier to find later. But the point is to see if you are even hitting the correct ending script or the forms action/endpoint.
I only suggest this because you are really vague in what it's current behaviour is
$_POST won't recognize the value mailuid from the login form on this page or others (profile page).
For example, this doesn't tell me if you are even hitting the right page. Now had you said something like "all it does is output no username supplied". Then I would at lest know that. As I said above it could be just an omission of sesion_start() which must be called before attempting to access any $_SESSION stuff. You should call it only once, at the top of each page that uses sessions.
Although it's not a solution, it was too much to post in a comment. I would really like to help you more, but there just isn't enough information to go on.
I have a homework and it's a webpage (log-in page) and the task is to enter and bypass the login forum, well the first thing I have looked into was the page's source and I found that if I want the username I should go to /page.phps directory and I did that. After entering that directory I was redirected to another page with this piece of code
<?php
$super_admin_access = false;
// Set our super-admin level user?
if (isset($_GET['user'])) {
$user = html_entity_decode($_GET['user']);
if ($user === "<root>") {
$super_admin_access = true;
}
}
?>
<div class="logo"><img src="../assets/images/challenge-priserv-logo.svg" alt="Nethub logo"></div>
<div class="login">
<form class="form" onsubmit="doLogin(); return false">
<div class="message message-error" id="login-error-msg" style="display: none">Denied!</div>
<div class="field">
<div class="label">Username</div>
<input type="text" name="username">
</div>
<div class="field">
<div class="label">Password</div>
<input type="password" name="password">
</div>
<!-- In case I forget, details are at page.phps -->
<div class="actions">
<input type="submit" value="Access server" class="btn">
</div>
</form>
</div>
I don't know if I understand the php code in the right way, but what I firstly though of was writing the "<root>" in a html entity format which become "<root>", especially that there was a hint saying
Did you see the comment in the source code suggesting you take a look at page.phps? Take a look. What does urldecode do? Can you do the opposite of urldecode?
So I tried to login using the username "<root>" or the encoded one "<root>" I tried removing the quota but no luck, I don't know if there is a password or something like that, I would appreciate any help given, thanks :).
Form's input's name is username, but it checks for user. To get access to the super-duper-mega admin powers, pass a query parameter in the url
http://yoururl/page.php?user=<root>
Seeing as this is a piece of homework I won't give a direct answer, but rather point you in the right direction.
You are definitely on the right track, but you seem to have gotten a little confused with how PHP handles strings.
Let me give you an example. We go to the page login.php?user=tom.
<?php
$user = $_GET['user'];
$desiredUsername = "tom";
if ($user === $desiredUsername) {
echo "You're in!";
}
Let's take a look at the check that if() is doing in this case.
$desiredUsername === "tom"; // true
$desiredUsername === "frank"; // false
$desiredUsername === "jonas"; // false
When you are setting the $user variable in your code, you are wrapping <root> with quotes like so.. "<root>". While the PHP code checks to see if $user === "<root>", the quotes in this case are actually just specifying that we want to see if $user contains the string <root>.
Test your method of using the encoded entities "<root>" with and without the quotes on either side and see what happens.
First it's must be $_GET['username'] NOT $_GET['user'] because input field name is is "username" not "user"
I am using a form and the 'get' method to offer users a return option to an unknown url that they came from within my site, as per the code below. I prefer this to just the browsers back button and it works without javascript.
The problem I am having is that some browsers (chrome, safari, there may be others) are adding a question mark to the end of the url they are referred back to. I don't want this for seo reasons.
My question is either:
1) Can I prevent the question mark within my php code somehow; or
2) Please could somebody show me how to redirect the url using htaccess, I potentially have urls that could end:-
.html?
.htm?
.php?
/?
Thanks in advance.
<?php
if (isset ($_SERVER['HTTP_REFERER']) ) {
$url = htmlspecialchars($_SERVER['HTTP_REFERER']);
echo '<br /><form action="' . $url . '" method="get">
<div id="submit"><input type="submit" value="Return to previous page" /></div>
</form>';
}
?>
The ? probably gets added because you're doing a GET request from a form.
Why not do something like:
<input type="button" onclick='document.location.href=<?php echo json_encode($url);?>'>;
use POST method instead of GET
Is it pertinent that you use a form for this? Why not use a hyperlink and style it to look however you want with CSS?
You could use try using a button instead of creating an input value that will be passed.
<form action="url" method="get">
<button type="submit">Return to previous page</button>
</form>
Instead of posting to random URLs (which is not really a good idea) consider using redirects
A solution would be
<?php
if (isset ($_SERVER['HTTP_REFERER']) ) {
$url = htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,'UTF-8');
echo '<br /><form action="redirect.php" method="get">
<input type="hidden" name="return" value="'.$url.'">
<div id="submit"><input type="submit" value="Return to previous page" /></div>
</form>';
}
?>
then in redirect.php
<?php
if (isset ($_GET['return'] ) {
$url = $_GET['return'];
header('Location: '.$url, true, 303); // or 302 for compatibility reasons
echo 'Continue';
exit;
}else{
echo 'Error, no redirect specified';
}
you can replace action="GET" and $_GET with action="POST" and $_POST and it will work the same.
or simply
if (isset ($_SERVER['HTTP_REFERER']) ) {
$url = htmlspecialchars($_SERVER['HTTP_REFERER'],ENT_QUOTES,'UTF-8');
echo 'Return to previous page';
}
both will still create a new history entry in the browser.
In the htaccess you should have something like this:
RewriteEngine on
RewriteRule ^myPage-([a-zA-Z0-9_]*).html myPHPfile.php?var=$1
By the above piece added to your htaccess, when a URL like myPage-whatever.html is called, it's just like calling myPHPfile.php?var=whatever
I have a project that requires a search form that searches two separate eBay stores depending on what the user is looking for.
I want to have one input field with two submit buttons. I'm having problems getting the form to specify which site to call from either of the buttons. I've had a good look around and tried a few things but thought someone might be able to straighten out my syntax etc.
I have the form.
<form target="_blank" action="rp.php" method="get">
<input type="text">
<button name="replacement" type="submit">Search Replacement Parts</button>
<button name="performance" type="submit">Search Performance Parts</button>
</form>
..and I have the PHP.
<?php
if( isset($_GET['replacement']) ) {
header("Location: http://www.example.com");
exit;
} else if {
( isset($_GET['performance']) ) {
header("Location: http://www.example.com");
exit;
}
?>
I think I'm on the right track, just need a bit-o-help. I don't know whether or not to use POST or GET, GET seemed to make more sense to me for this.
You can use the following code for this:
<form target="_blank" name="myform" method="POST">
<input type="text" name="search">
<button onclick="submit1('http://example1.com/')" >Search Replacement Parts</button>
<button onclick="submit1('http://example2.com/')" >Search Performance Parts</button>
</form>
<script>
function submit1(url)
{
document.myform.action=url;
document.myform.submit();
}
</script>
Your PHP is a bit off for the elseif, otherwise it should "work"
<?php
if ( isset($_GET['replacement']) ) {
header("Location: http://www.example.com");
exit;
} elseif ( isset($_GET['performance']) ) {
header("Location: http://www.example.com");
exit;
}
?>
You can use either a GET or a POST to do this, however a GET will result in the query values being visible in the querystring and are limited in size in some older browsers. POST is probably prefered, in which case you would replace $_GET with $_POST in the code above, and change method="get" to method="post" in your form.
I would use same name for both buttons, with different value for each one and then in php code just check which value is submitted.
I want to show something and lock the screen while my PHP script is running in the background.
The script can take a long time to run because it is pulling in meta data for a list of URLs, so depending on how many URLs are entered into the text area it could take up to 5mins.
I want to use the BlockUI jQuery code but have no idea how to set it up in my php script could anyone help me please?
Here is my code:
<form method="get" action=<?php echo "'".$_SERVER['PHP_SELF']."'";?> >
<p>URL of Competitor:</p>
<textarea name="siteurl" rows="10" cols="50">
<?php //Check if the form has already been submitted and if this is the case, display the submitted content. If not, display 'http://'.
echo (isset($_GET['siteurl']))?htmlspecialchars($_GET['siteurl']):"http://";?>
</textarea><br>
<input type="submit" value="Submit">
</form>
<div id="nofloat"></div>
<table class="metadata" id="metatable_1">
<?php
ini_set( "display_errors", 0);
function parseUrl($url){
//Trim whitespace of the url to ensure proper checking.
$url = trim($url);
//Check if a protocol is specified at the beginning of the url. If it's not, prepend 'http://'.
if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
$url = "http://" . $url;
}
//Check if '/' is present at the end of the url. If not, append '/'.
if (substr($url, -1)!=="/"){
$url .= "/";
}
//Return the processed url.
return $url;
}
//If the form was submitted
if(isset($_GET['siteurl'])){
//Put every new line as a new entry in the array
$urls = explode("\n",trim($_GET["siteurl"]));
//Iterate through urls
foreach ($urls as $url) {
//Parse the url to add 'http://' at the beginning or '/' at the end if not already there, to avoid errors with the get_meta_tags function
$url = parseUrl($url);
//Get the meta data for each url
$tags = get_meta_tags($url);
//Check to see if the description tag was present and adjust output accordingly
echo (isset($tags['description']))?"<tr><td>Description($url)</td> <td>".$tags['description']:"<tr><td>Description($url)</td><td>No Meta Description</td> </tr>.";
}
}
?>
</table>
<script type="text/javascript">
var exportTable1=new ExportHTMLTable('metatable_1');
</script>
<div>
<input type="button" onclick="exportTable1.exportToCSV()" value="Export to CSV"/>
<input type="button" onclick="exportTable1.exportToXML()" value="Export to XML"/>
</div>
And here is the link to the jQuery Block UI: http://jquery.malsup.com/block/#demos
Also will I need to include any files?
It'll be great if someone could point me in the right direction :)
Thanks very much!
Ricky
Put the php in a separate file, then call that script using ajax and return the results to the page once retrieved??