When I submit my form on PHP, I wish to create a temporary URL containing the POST information from the PHP. Also as there will be sensitive details, I also wish the link to auto-delete in 24 hours.How can I achieve this? Any suggestions? I heard of using tokens but I am new to this. Thanks
You should generate a random token for the filename. Create a file with that name and output your data.
If you wanted to delete them after an x amount of time, you either need a function that is running all the time, or you can validate the file's age before outputting the content.
you could use a router for that?
https://github.com/dannyvankooten/PHP-Router
any router could help you to generate "dynamic" url. where the URL comes to a method parameter.
hope it gives you an idea.
Related
Question about GET and POST in PHP. i wonder what is the difference between POST and GET and when do you use them respectively?
so as far from i tried, GET can also show the data in the link.
for example, the name of my link is Localhost/index.php then inside my php file is an input box and a submit button. if for example i use GET, if i click the submit button, it will take the data i put in inputbox(for example, name) and add it to the link. so the link now is Localhost/index.php/?name=Tina i think this is how GET works. but if i use POST, it will not show the input data in the link and it will remain Localhost/index.php. (atleast, from what i practice)
i wonder what are other differences between the two and when they should be use? for example im making a website(ex: sign up website) that will take information and send it to a database in MySQL..or the webpage should carry over the from this webpage to another webpage. should i use GET or POST?
You are kind of overthinking it. It is as simple as:
POST - used to post(send) data to the database.
GET - used to get(fetch) data from the database.
So in the case of the form, what you need to do is a POST request, so you send the data to MySQL. And in order to retrieve that data, you will perform a GET request.
See this https://www.geeksforgeeks.org/http-get-post-methods-php/ for a comprehensive explanation.
Keeping it very short:
You never-ever should pass any sensitive information over GET method, because it's visible by logs, by your internet provider/router, third parties.. such as google analytics and more.
A common use of GET is when you allow users to change the parameters of a page they see.. i.e. search parameters or the number of products per page.
POST when you want to send information to the server "privately" and (preferably) with a nonce to make it sendable only once.
But regardless of a method - POST or GET - sanitise, sanitise, sanitise.. that is what you need to really worry about. User input should not be accepted as is when you receive it, kinda #1 rule on the internet.
I have some php code like following lines of code when clicking on the image it goes to different departments.
Departments.php?DepartmentsID=6?&CampusID=1
which shows in url when click on it.
How I can easily encrpt it so that it doesnot show in url same is the case with downloading some file.
download.php?filename=abc.pdf?
how i can disable or encrpt the code so that i didn't show up in url.
thanks
want to hide varibles that as passing through html link
as far as I understand you want to pass some kind of token as the link and not something readable like the filename or an id to your site to handle the request. (the user only sees tokens and nothing else)
so clicking on a link gives you something like Departments.php?action=907fgash6f8906a6asf6g...
If you want something like that you would need some kind of database to store your tokens so your code knows what to do on a given token.
Or you could use actual encryption which you would have to decrypt and of course keep your key hidden and secure.
I don't understand why you need to do all this. If you can give more insight on why you want to do this there might be a better solution
In your PHP form change or set the method as method = "POST".
You're using the URI as a GET parameter which is where you are receiving such complications. You can choose a more MVC related method to approach this:
www.example.com/6/1
The above example represents the Department ID as 6 and the Campus ID as 1 using a router. I suggest using AltoRouter.
$router = new AltoRouter();
$router->map('GET|POST', '/[i:d]/[i:c]', function($department, $campus) {
echo "Department $department on Campus $campus.";
// Add your code logic
}, 'Name of route');
$router_match = $router->match();
if($router_match && is_callable($router_match['target'])) {
call_user_func_array($router_match['target'], $router_match['params']);
exit();
}
// Some 404 stuff.
This can be used for mutli-mapping meaning you can change the download link to whatever you like, for example just unique file ID's that the end user must know to access it and on top of that, it could be a RBAC file before the download so only X users can download / view certain topics.
This repeats some of the info answered by others:
use POST, this only removes the ability to read the data in query URL but is still in clear text.
Ensure SSL is enabled for transport encryption
Use encryption at the message layer, the actual text itself can be encrypted if you so desire
Extra note, if the data is that sensitive and is stored at REST say in a DB, you may want to encrypt it there as well.
Basically "defense in depth" is the approach, there is never a silver bullet
This question may have been asked before but I couldn;t really find it.
What I want to do is, websites like pastebin.com, even stackoverflow, these generate new webpages based on user input showing that data from what I can understand.
I want to make it like that. User enters something, and he is given a permalink to share that information.
How to do this using PHP ?
EDIT: Here is an example
Like, I want it that
instead of having something like www.example.com/view.php?id=123
I want it like
www.example.com/view/123
This is impossible to be done with PHP, you can do this with .htaccess's url rewriting.
a good article about this can be found at: https://www.addedbytes.com/articles/for-beginners/url-rewriting-for-beginners/
In this site , work some ajax function, when you add some data in textarea and click submit, called function , that saved current data in db, and return some json data , and then show you in some format.
Simply done like this:
Create a index.php containing a input field where the user inputs their data.
Post data to the server and create a random string which will be the users permalink.
Then insert the random string and data into a database.
In the index.php file say that if any uri is added after your domain like example.com/
it checks against the database if this code exists in db, and returns the result to the visitor.
I know two ways for sending an ID to another page:
as URI segment. exemple: http://mypage.com/index.php/ID
as an input field in a form using POST or GET methods.
Is there another way than these tow?
The purpose is to have a list of records. When the user clicks on one of them, s/he gets the full details of the selected record in a different page.
"Is there another way than these two?"
You can store it in $_SESSION too. If that what you are curious about.
But it's not the best way with your current problem.
Simply use GET (www.yourpage.com/records/THEID)
Well, you might consider this to fall under your first option of a URL segment, but "URL segment" usually means some part of the URL before any GET parameters...just to make sure you're aware of this, you can also put in GET parameters in a URL yourself without creating a form.
These days, URI segments like index.php/123 are popular, but traditionally the way to link to a detail page like that was index.php?id=123; then you can access the ID using $_GET['id'].
I've been using the Facemash-like script. But the problem is that while rating people when we actually point our cursor towards a picture for every image there is a URL like:
rate.php?winner=XXX&loser=XXXX1
So, if we directly type this in the address bar the trick works! Hence there is chance for users to hack for their scores. I know we can change the GET methods to POST methods. And I've searched for this and nothing really helped me out. The links to the files(rate.php and index.php) are also included in the comments of this question.
I'm making my own Facemash-like engine and here's what I do.
I store two challengers' ids in PHP $_SESSION. Before displaying the new pair I check if $_SESSION is set and if it is I just display them instead of taking new pair from a database. This prevents cheating by refreshing the page until you get your photo. I did it because the community I'm making facemash for is relatively small.
So links look like vote.php?v=left or right. In vote.php I get ids from a $_SESSION['right'] and $_SESSION['left'] and then unset them. I looking forward to publish my script some day.
Yes, if you change from GET to POST then the parameters will not be displayed in the URL upon submission.
http://www.w3schools.com/php/php_post.asp
Instead of relying on GET/POST to determine the comparison, store the data in $_SESSION instead, and only let the user pick 'image1' or 'image2', then invalidate and create a new comparison after a choice is made.
Example site - form only lets you choose 1 or 2