I am sending error values in the url.For example if i have a website named
www.example.com
and the url for login page is
www.example.com/login.php.
If the user enters wrong credentials url will be
www.example.com/login.php?invalid.
So everytime i refresh url remains
www.example.com/login.php?invalid.
How to remove invalid from url on refresh???
I think that by using the invalid GET variable you try to determine whether or not to display the error message to the user. This isn't really a good way to do so, due to the number of reasons, one of which made you ask this question.
You have a number of options instead, one of which would be using the session variables to store the error message. E.g., if the user login fails, you could store the message in your session:
if (badLogin()) {
$_SESSION['errorMessage'] = "Something's wrong";
}
and then on the login.php page you could try and see if it exists:
// ...your HTML...
if (!empty($_SESSION['errorMessage'])) {
echo $_SESSION['errorMessage']; // show it to the user
unset($_SESSION['errorMessage']); // so as not to display it every time
}
// ...your HTML continues...
This is not the perfect way either, but without knowing your application structure it's hard to suggest anything else.
Related
For example, I have a page called profile_page.php. This page is only functional if data is written after the ?u= in the URL, for example, data for Alice's profile page can only be seen when the URL reads http://localhost/profile_page/alice.
Loading http://localhost/profile_page will give me undefined variable errors as most of my variable's are depending on the URL to have a value after the ?u=. For example, the variable $firstname can only be gathered when I get her username in the URL.
In such a case, when http://localhost/profile_page, I would rather have it redirect the user to their own profile_page, but I don't know how I can test the URL and parse it through an if statement.
I understand you can use $u=$_GET['u']; to obtain the current page URL? but I don't think doing this, is the best way to go about it:
$u=$_GET['u'];
if ($u == "http://localhost/profile_page/"){
// redirect to logged in users page code here
}
First, if you are using some parameter for your page to build, the url would looks like httlp://localhost/profile_page.php?firstname=alice&lastname=brown, with $_GET['firstname'] you will get alice in this case. If you want to test if the parameter is set first and redirect to another page if it is not set, you could use
if(!isset($_GET['firstname'])
{
header('Location:redirected_page.php');
}
I'm creating a form. There is some server-side validation being executed in a php file separate from the html file containing the form. If the validation fails, I want to redirect back to the original html page with a error message saying what went wrong.
Right now, I am able to successful validate and redirect back to the html page with header(), but I'm not sure how to create and place the error message. Is it possible to check at the top of the html page with php if it's been redirected to through header()? If so, that would solve the problem...
Thanks!
there are several methods to do this i think.
1 add get parameters like:
<input type="hidden" name="formsent" value="1" />
then add method get to your <form>
when you redirect from the other page,, the get would be in the link so you could send it back
header("Location: http://localhost/yourform.php/?{$_GET['formsent']}");
or you could do the validation in the post
if (isset($_POST) && !empty($_POST)) {
do stuff here.. if all is ok go to next page otherwise show errors
}
or you could add a var into a session using $_SESSION['formsent'] = 1 after the post then u could check that also.
its up 2 u
You should set a variable using PHP sessions.
Form page
session_start();
$_SESSION["formerror"] = "Error code here";
header("Location: http://www.example.com");
Redirected to page
session_start();
$errorcode = $_SESSION["formerror"];
// Now convert the error code to something readable and print it out if needed.
IMO this is much cleaner than a GET variable.
As #Mark wrote, you can send a message in a variable by the url in your header() (I mean url + "?variable=$variable") and capture the message in your page (now php page) by $_GET. The message will depend on your validation
Of course you can check: https://stackoverflow.com/a/872522/2737474 (#Jrgns)
Different ways to pass one variable between pages.
In my opinion, you must be careful in choose one of those:
-If you would use one value for many pages (keeping in mind it would be store on server), it would be better to use SESSION.
-If you would use one value for only two pages, it would be better to use GET or POST (depending on your situation, url/form).
-If you would use one value for many pages and want to keep it between sessions (keeping in mind it would be store on client), it would be better to use COOKIE.
You can do this with using $_GET[] method
If validation is successful then redirect to url like
form.php?status=1 // 1 for success
If validation is failed then redirect to
form.php?status=0 // 0 for fail
In form.php which is your form page.
use simple if-else condition
if(isset($_GET['status']))
{
if($_GET['status']==0)
echo'something went wrong';
//else nothing
}
As many clever users wrote you have several methods how to achive this (I won't write all of these):
1st Use sessions check Daniel's answer
2nd Use GET check Sanket Shembekar's answer
3rd Use rZaaaa's answer, but you can enchant it :D
Enchant:
Page 1
header('error: true');
Page 2
print_r(headers_list()); //and find your error
My current url is http://domain.com/example.php/link=eg But if someone plays with url and puts url as http://domain.com/example.php/abcdefgh97654 - anything, my all functions all links from that page become inactive.
I tried using <?=HTTP_SERVER;?> before all links in my php files but as my website has user registration and sign in, when user signs in and clicks on any menu (link from php script). It throws on index.php page. But if user logs in again it works perfectly. In short user needs to log in twice to work everything perfect.
Basically I want two solutions one I want to redirect www dot
domain dot com/example dot php/abcdefgh97654 - anything (wrong url
page) to errorpage (I already done this in htaccess) but does not
work for above type.
List item
And want to solve two time log in problem.
If anyone has solution for this will be appreciated.
For you to do this, you have to know what values are supposed to be passed via $_GET variable to your page. Then you can create filter for the values and user header(); function.
Here is my suggestion:
<?php
$var=$_GET['val']
//get expected length if you need.
if(strlen($var)>9 or strlen($var)) {
$redirect=true;
}
//if you know what you are expecting
$vals=array('val1', 'val2, 'val3');
if(!in_array($var, $vals)){
$redirect=true;
}
//continue or replace your filters in this manner and asign your value to $redirect
if($redirect==true) {
header("Location:url"); // do this before anything else is printed to the page or else it will say headers already sent.
}
?>
i am trying to sort out the error section of my settings page, and because i am validating all the data on a seperate script i have to use the url variables to check whether an error is present
so it looks like this if there is an error
localhost/site123675/settings.php?eid=1
however, the error shows fine, but i want a way to remove it, becuase if the user gets an error then enters a correct answer, it still shows the same error.
So, how can i clear the url of any variables before the user resubmits the page?
Any ideas?
Not exactly sure what exact problem you're facing, but you could just do a header redirect:
if (isset($_GET['eid'])) {
header('Location: /site123456/settings.php');
exit;
}
I have a login form in every page of a website so the user can login from everywhere. I have a login.php file that I refer to it from the form (using 'action').
I use $_SERVER['HTTP_REFERER'] to redirect the user to the same page he logged in from when he succesfully log in or when he logs out.
But if there was a problem logging in, how can I send an error to the same page he is trying to log in?? I have tried sending the error using $_GET, like this:
// process the script only if the form has been submitted
if (array_key_exists('login', $_POST)) {
// Login code goes here...
// If there was a problem, destroy the session and prepare error message
else {
$_SESSION = array();
session_destroy();
header('Location: '.$_SERVER['HTTP_REFERER'].'?error');
exit;
}
But the problem is that a lot of pages in the website are like this details.php?mid=0172495. They already recive information from the $_GET method and for security reasons I cant use another $_GET method...
So, How can I pass the error???
Thanks...
Since you're already using sessions, after you destroy the session why not create a new one with $_SESSION['error'] or something similar set? Or alternatively simply don't delete the session at all but set the error which you can immediately check in other pages?
To add to what Chad Birch said...
In your login script where you redirect, check the HTTP_REFERER value for the character '?'. If it is present, append '&error' to the HTTP_REFERER and redirect to that. Otherwise append '?error' to the HTTP_REFERER and redirect to that.
I'm not sure what exactly you mean by "for security reasons I cant use another $_GET method", but in the case that there's already something in the query string, you just need to append another variable to it, instead of replacing it.
That is, if the address is like details.php?mid=0172495, you should be sending them to details.php?mid=0172495&error, whereas if it was just details.php, you send them to details.php?error.
Another way of doing what you need is to include your login.php file in every page that has the login form and just post to that same page. So you won't need any redirection at all.
This maybe is not a good scalable and maintainable solution, but it is simple. It all depends what kind of app you are writing. But you are saying that you are new to php so you can start like this. You can always go fancy later...