I am creating a website on Joomla and want to have a private page for each individual user. If anyone knows of the best way to do this apart from giving each individual their own group, this is the way I would like to try:
I want to create a page where php will match a file name based on the user id of the logged in user. This is the code I have so far:
<?php
$user = JFactory::getUser();
$user_id = $user->id;
$profilepage = file_get_contents ("user" + $user_id +"file.txt");
echo $profilepage;
?>
This gives me the user id in a variable, and I would like for the correct profilepage to show. For example, if User594 is logged in, then I want the file to be used for $profilepage to be "user" + 594 + "file.txt"...for an actual file name of user594file.txt. Is this possible? Or is there a correct way of doing this?
Thanks for any help!
Since you probably chose not to delete your question and not hearing from you in comment in regards to a comment to you, I decided to post my comment as an answer.
You're presently wanting to use + signs. This isn't the character to use in order to concatenate.
In PHP, you need to use dots/periods:
$profilepage = file_get_contents ("user" . $user_id ."file.txt");
Related
I have a database with just over 800 data.
product table
pid name p_page
1 money money.php
2 gold gold.php
3 .
. .
. .
800 .
I have 2 pages...
product_item.php
<div class="button">
View
</div>`
when you click view the product info is pass to product.php
in here i have
if (isset($_GET['pid'])) {
depending on what product the user clicked on the URL might look like something below but the 44 will change to whatever id
http://www.example.x10.mx/money.php?pid=44
the problem with this, is that money.php have a different layout to the other pages and if I change 44 to 68, the product info will show on the page but the layout will not look good.
My question
what is the best way for me to stop users from being able to change the url.
I want to encrypt all my pid in the url so it will look something like
http://www.example.x10.mx//money.php?sel=the product name here or 4 letters or anything
I just want to take away pid from the url.
Please help me. If you dont understand my question please ask in the comment and try and say what you think you understand.
Edited to show my fetch function
$php = "php/";
$apages = "account/";
$bpages = "booking/";
$gpages = "general/";
$ppages = "product/";
// Global functions
function fetchdir($dir)
{
$protocol = $GLOBALS['protocol'];
$host = $GLOBALS['host'];
($dir == $GLOBALS['apages'] || $dir == $GLOBALS['bpages'] || $dir == $GLOBALS['ppages'] || $dir == $GLOBALS['gpages'] ? $branch = $GLOBALS['pagebranch'] : $branch = $GLOBALS['branch']);
echo $protocol.$host.$branch.$dir;
}
Thanks
p.s. I dont know if this can be done in .htaccess but i think it can be done in php
Some clarification:
I have a url which looks like this
www.example.com/account/product.php?pid=1
the problem with this is that someone can change 1 or any number and if they is a pid in the database with that number it will get the items information and display on the page. Which I don't want to happen because not all product are meant to be display in some pages.
In the papge which i show all my available product. I simple uses a SELECT statement and then echo what I need in some div.
In that page I have a view button.
$stmt = $conn->prepare("SELECT * FROM Product WHERE Type = 'shoes'");
$stmt->execute();
$i = 0;
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
$id = ($row['pid']);
$product_page ($row['dir_page']);
<div class="button" >
<a href = "<?php fetchdir($apages) ?><?echo $product_page?ProdID=<?php echo $id>" > View</a >
</div >
}
Depending on the page that information is getting sent to when you click on view I use Get method
<?php
if (isset($_GET['pid'])) {
// Connect to the MySQL database
dbconnect();
$id = preg_replace('#[^0-9]#i', '', $_GET['pid']);
}
If you notice in my select statement used type to show only the product which type is shoes. I have other types as well, which as their other pages. Now the problem is if i change the pid to any page that doesn't have a type of shoes or if an in the other pages and enter a pid which type is shoes or anything, the information from that page will still render. Which I don't want to happen.
My question
how can i stop users from changing that pid and even if they change it. they will still be on the same page?
The problem isn't having the PID in the URL, it is having the template name in the URL.
Store the template name in the database (you are doing this already), and use that to determine what HTML to wrap the data in instead of putting it (money.php) in the URL.
Move your templates out of the web root (they shouldn't be hit by users directly), have a single index.php and then include() the template based on the data in the database.
You cannot prevent someone from changing the URL or from requesting arbitrary URLs. Your server (i.e. your app) has to decide how to respond to an invalid request. If you don't want to display certain things publicly, flag them as such in your database, test for that flag and simply refuse to output anything if that flag is hit.
Make the server respond negatively if something doesn't fit your conditions; don't expect the user to behave correctly.
Assuming that PID is a autoincrement value, you can still obfuscate it. Add another column in the table that contains a randomly-generated key (using uniqid or some derivative). Then use that key in your URL. You'll get something like: www.example.com/account/product.php?pid=II8GypI6H93Ij. This doesn't guarantee that someone won't find it, but it's good enough in most instances.
Check for allowance in the Database
Depending on your level of programming skills, in the database you could add a field or a relational table that relates the ID of the pages to allowed page templates (I'm guessing you're talking about templates.)
Then in the code you can make it so the page checks this database to see if the page contents are allowed to show. Something like:
$query1 = "SELECT * FROM Product WHERE Type = 'shoes' and allowedTemplate='1'";
This way you won't have to hardcode everything into the code itself. On the backend (if there is a CMS) then you could have checkboxes indicating the relationships to the templates and prefill them by default.
You'll need to make the site so something with that stuff though.
Your other option
You could use clean urls (which used to be better for SEO) to show real words instead of the IDs. Then you can use .htaccess tricks to convert the URIs to their ID counterparts with a dynamic RewriteMap.
I am a newbie here, I wanna learn p-h-p. I am using joomla2.5.9 right now, but i wanna get current username who logged in and put it in variable or maybe put it in a session. What i want from this current username is to create another script using p-h-p based on that current username.
first question : How can i Do that?
Second question: where should i put that 'first question' script in joomla2.5.9 folder?
Please Help... and thanks in advance..
By,
Leo
This PHP code, shows you the name of current user.
<?php $user =& JFactory::getUser();
$userName = $user->get( 'name' );
if ($user->get('guest') == 1) {} else {
echo "Hi ".$userName."! Welcome to our great website!";
}
?>
You can put this code in your template files in: /templates/yourtemplatename/filewhereyouwanttoaddthis.php (in your case I think that you'll want to put this code in index.php - the principal layout of site)
I'm a bit new to this so sorry if this has been covered already but i'm going around in circles searching.
I've had a look around learn t how to edit htaccess and use the get function, I then even found a plugin called redirection that did similar.
What I would like to do is if I have a URL http://example.com/file.php?id=blue
is to grab the id which is "blue"
then in a href link dynamically add it to the end of another url
Link Example
If someone could help show me or point me in the right direction on how to get the id blue and add it into a href that would be great.
Many Thanks
You have to use $_GET. People might be dicks about it here - but I had a hard time when I was first learning to program too. You'll get it, don't worry.
This is how get works (at least, all you need to know about how it works):
if you have the file index.php
if you add a query string to the end of it like index.php?id=1
You can access id=1 by doing the following in your code:
$id = $_GET['id'];
Similarly if the query string contains the following index.php?id=1&page=5&par=3&club=putter&upnext=tigerwoods
On the left hand of the equal sign is the Key(id, page, par, club, upnext) and on the right side their value(1,5,3,putter,tigerwoods)
One thing to remember is that when retrieving numbers from the query string they will always be of the string type, so you cant do something like
if ( $_GET['page'] === 5 )
you'll have to do
if ( $_GET['page'] == 5 )
and to echo it into a link:
$club = $_GET['club'];
if ( $club == 'NRA' ) {
echo "Gun Show";
echo 'Buy tickets to my gunshow ^^';
}
Hope this helps!
You can also do things like set your website up so that it has one template and use the $_GET parameter to determine which files to include into the content sections of the site via a switch command. I do this, but not across my whole site. For my user control panel, I do this to simply include only the file necessary (change email, update password, delete account, update profile, etc)
Cah'piche?
Use the $_GET parameter.
YAY!!
One solution to automatically building navigation for a site is by scanning a folder for documents like this:
foreach(glob('pages/*.pg.php') as $_SITE_NAV_filePath):
$_SITE_NAV_filePath = explode('.pg',pathinfo($_SITE_NAV_filePath,PATHINFO_FILENAME));
$_SITE_NAV_fileName = $_SITE_NAV_filePath[0];
$_SITE_NAV_qv = preg_replace('/([A-Z])/','-$1',$_SITE_NAV_fileName); $_SITE_NAV_qv = trim($_SITE_NAV_qv,'-');
$_SITE_NAV_name = preg_replace('/([A-Z])/',' $1',$_SITE_NAV_fileName);
?>
<li><?=$_SITE_NAV_name?></li>
<?php
endforeach;
This code will turn "AnAwesomePage.pg.php" into a menu item like this :
<li>An Awesome Page</li>
This might be bad practice (?).
Anyway; I don't use this method very often since most of the time the sites have a database, and with that comes better solutions...
But my question is this:
Is there a way to prefix the filename with a integer followed by and underscore (3_AnAwesomePage.pg.php), for sorting order purposes, and pass it somehow to the destination page outside of the querystring and without any async javascript?
I could just explode the filename once again on "_" to get the sort order and store it somewhere, somehow?
This is the code for handeling the page query request:
$_SITE_PAGE['qv'] = $_GET['page'];
if (empty($_SITE_PAGE['qv'])){ $_SITE_PAGE['qv'] = explode('-','Home'); }
else { $_SITE_PAGE['qv'] = explode('-',$_GET['page']); }
$_SITE_PAGE['file'] = 'pages/'.implode($_SITE_PAGE['qv']).'.pg.php';
This code turns "An-Awesome-Page" back into "AnAwesomePage.pg.php" so it's possible to include it with php.
But with a prefix, it's not so easy.
The probliem is; Now there's no way to know what prefix number there was before since it has been stripped away from the query string. So I need to send it somehow along in the "background".
One very bad solution I came up with was to transform the navigation link into a form button and just _POST the prefix interger along with the form. At fist it sounded like a nice solution, but then I realized that once a user refreshes their page, it didn't look very good. And after all, that's not what forms are for either...
Any good solutions out there?
Or some other and better way for dealing with this?
There are two ways to keep that number saved, you can use cookies or php session variables.
But in this case, if user first enter the url in the browser or in a new browser, then he should be taken to default number.
Like you have:
1_first-page.php
2_first-page.php
3_first-page.php
If user enter the url like: domain.com/?page=first-page, you have to take him to 1_first-page.php to any number which you want to be default.
I am editing a template to try and add some conditional logic to my page.
The page template shows topics related to a user.
I want to add a piece of code which will grab the user name from the page we are viewing and then use that in a string for my conditional statements.
The code I have put together is as follows, but it breaks my page so I am doing something wrong.
<?php global
// I query the ID and try and set that to the $userID - I think I am doing this wrong, but when I echo the ID it gets the correct info.
$userID = get_queried_object()->ID;
// This is the string I create using the userID which should be from the query above
$memberstatus = get_user_meta($userID,'member_status',true);
?>
later on I use IF statements to use thsi result (which i know work) so i won't post them. My problem is trying to get the above to work.
Any help?
damm, looks like when I remove 'global' from the php it works! I thought global had to be in this...ah well