I'm making a site where you can book a cabin. One of the requirements was to make a reaction system where an admin gets an e-mail with a link. If he clicks this link, the reaction will be posted on the site. I'm almost done with this, I only have one question:
http://student.waerdenborch.nl/~groep45/site/index.php?reactie=f0357a3f154bc2ffe2bff55055457068
In this link, how can i retrieve the part behind ?reactie=?
I could only find how to retrieve more of the url, but I only want the md5.
Just retrieve it by using $_GET
$_GET['reactie']
Also read this: http://php.net/manual/en/reserved.variables.get.php
Related
Can someone tell me how to pass a variable into Wordpress from an incoming URL? For example, I have a visitor following this link:
http://mywebsite.com?variable=white
When they arrive at my wordpress site, I want to pull that "white" variable and store it for future use in my MailChimp list and departing links like this:
store mailchimp color
http://mySecondWebsite.com?favoriteColor=white
I want this to be temporary and specific to this user only. I understand the concept and use of session_start(), but I have no idea how to use this in conjunction with Wordpress. Any help is appreciated.
You can use the GET variables to fetch information from a URL. You can read out the $_GET array in PHP to get to your variable.
The part thats tricky, is that inside your wordpress application, you should check out if the user is logged in, and then update the users' information based on the current session. This is basically what you're looking for.
If the user is not logged in already, you can ofcourse not update his account by just that URL. You'd then need to add more info - something like a hash in the URL thats unique for this user and allows you to update a preference without logging in.
I orignally posted asking how I can store a users facebook profile link, to use it on a profile page that I was creating on my website and didn't really get much of a response. After spending a lot of time I have a system in place that I feel should work but doesn't.
I'm not entirely comfortable with AJAX yet and have tried adapting code from Adam Khoury's Web Intersect 2.0 series to suit my project.
I've pasted my code over at Pastebin http://pastebin.com/u/lil_bugga test2.php being my main form with the Ajax and link_checker.php being my include file. Can someone help me to get this code working properly.
Its meant to take the user input, sanitize it and return 1 of 4 different result that I can then use to display appropriate messages to the user. The code seems to work fine until after the following line in test2.php
alert(params.join("&"));
Below is my orignal question for any interested parties.
"How can I safely collect and store links supplied by a site visitor as part of their profile, if they wish to provide it.
I know I don't want to store it without sanitization of some form but I would assume using something like the snippet below would leave me vulnerable to attack.
$username = preg_replace('#[^a-z0-9_/:]#i'
I also want to compare the supplied links against a url list i.e:
http:// www.facebook.com/userprofile
www.facebook.com/1234567890
Whats the best option here, as some people may submit with HTTP:// others with just WWW. and some even just facebook.com/ and then theres the (userprofile) name or the user id (1234567890)"
I have
echo <a href=\"javascript:;\" onClick=\"window.open('". $link ."','no','scrollbars=yes,width=550,height=400')\" >View report</a>
$link contains sensitive information, so I'm wondering if there is a simple way to prevent this link showing up explicitly when you "view source code" on the browser. Any alternative to href would be fine. I just need to give the user an option to click and see his processing result after he submits some data. I would like to avoid having auto popups as soon as the processing is submitted.
UPDATE: so the $link is a GET URL that includes a user ID and password.. It's internal right now so it's fine, but I'm thinking of putting this on our online server in the future. I'm very much a novice with PHP, so this is probably not in the near future as I don't know much about security features that need to be implemented for a live site on the Internet. Right now, it seems that utilizing a database would be the best way to go. Correct me if I'm wrong, please, and thanks for all of the support!
If the user has to navigate to the link, there is no way to actually hide the information. You should rethink how your process works so sensitive information is not displayed in the link.
Perhaps you can store the information in a database table and the link would just use the id of the row that has the information.
Simply put: No. If you send me to a URL, I will be able to see it using some sort of tool. Wireshark, Fiddler, etc. Consider using a different link structure.
If the user already owns a session, this is an option:
If you render a page and need to protect this given sample secret URL
http://www.MyHost.com/?what?secret&id=23232
save the URL in the user's session and associate a hash value with the secret URL.
Instead of sending the URL to the result HTML-page, insert another URL, e.g.
http://www.MyHost.com/?continueWith=<hashValue>
If this URL gets called, check the user's session and retrieve and delete the secret URL. Then continue to evaluate, as if the user had called the secret URL.
This way, no parameter of the original secret URL ever reaches the user's browser.
To refine the schema, attach a lifetime to the URL saved in the session. If a request comes later as the end of life, return an error.
If you protect all URL in such a way, users won't be able to call arbitrary URLs, since all acceptable URLs are those inside their sessions. Thus, a user will even not be able to change parameters of less secret URLs.
How is $link generated in the first place? If it is sensitive, this implies that the user has already been authenticated somehow. Thus, the information in $link can be stored in the session where it's safe
Save all the information in your PHP session (or preferably the session system your PHP framework uses) and then just send some kind of non-db-associated identifier in the link so that the code knows what you want to do next.
For example you could have a link to "http://www.yourdomain.com/sec/special_action/4" with "sec" meaning secure, "special_action" being the name of the action to take, and "4" being the action id reference.
So lets say you have to have it associated to their social security number. Then you would in your back end use a salted hash to encrypt the SSN and save it to the session data. You then append it to the end of your session array and get an array count. If it returns 5 then you know that the encrypted SSN is saved in index 4 (since PHP uses 0 based indexing). So you send along that index as part of the link to confuse things even more. Heck you can even salt and hash the index if you want.
The user clicks on the link, the code finds the index, grabs the encrypted content, decrypts it, then uses it. Easy and secure.
I'm trying to create a "Email to friend" page using php. The objective of this page is that users can share the page that they are viewing with their friends.
When a user clicks on the 'share' link, it'll redirect user to a page that asks a user to input their own email address and a recipient email address. The subject will be the previous page title and the email body will be the URL of the previous page plus whatever a user may want to include.
I've got the whole concept here but I'm stuck on the implementation stage. I can't seem to figure the best way to pass the previous page title and the page URL to the share page.
Here's what I have thought of so far.
Using POST and GET method doesn't
seem to fit in because there is no
forms involved when a user clicks on
the share link.
Using session and cookies would be
very tedious as it requires assigning
and modifying the cookie / session
each time a user views a page.
Passing variables in URL would make
simply make the URL long and somewhat
undesirable.
Is there any other way that I could use to pass the page title and page url to the next page? I'm open for other suggestions on how I could implement this idea differently. Thanks in advance.
As far as I can see, passing the URL as a GET parameter is indeed the ideal solution.
http://example.com/share.php?url=http%3a%2f%2fwww.example.com
note that
You need to URL-encode the URL you are passing using urlencode()
the total resulting URL should not be longer than 2-4 kilobytes due to restrictions in some browsers.
I don't understand why POST and GET are not an option. Just because there isn't a form on the page doesn't mean you can't put one there. Can the link be turned into a button? If you don't like the look of a button, use CSS. Putting a form on the page would only take a few lines.
I would go for the session approach, even though you consider it tedious. This is called "flash messages" and it's quite commonspread. Zend Framework has these out of the box, CodeIgniter has a neat contributed library for it... Basically, you just need to write a few helper functions and you're set. To get the barebones functionality, you need:
adding a new message
retrieving a message/all messages
clearing messages (could be called after fetching messages)
The messages stored in the session will persist until you clear them, they are immune to redirecting and once you write your helper functions, it'll be as easy as:
//before redirect:
setFlash('You have successfully logged in!');
//after redirect
echo fetchFlash();
clearFlash(); //if fetchFlash doesn't call it automatically
So I wouldn't call it tedious, really. Rather a butt-saver.
I haven't officially started learning PHP, just skimming through a couple tutorials and I have a question. Why would some one choose to use Get vs Post? Why would you ever want the data shown in the url bar? I understand post is used for passwords and important info but I don't understand why you would use get instead of just post all the time?
Thanks for any insight.
$_GET is useful for pages where users are requesting data - such as a search page, and pages that a user might want to bookmark and share with others. Actions that should be readonly.
$_POST is useful for pages where users are "posting" data - such as a signup form. $_POST should be used when you don't want your visitors to be able to bookmark page. Actions that write data.
As prodigitalson added: you may use $_POST or $_GET for any operation, but it is good practice to use them as described above.
If you want people to be able to share the link with their friends...for eg http://example.com/products.php?product_id=12
GET requests are idempotent. POST requests change server state.
This is an HTTP question, not a PHP question.
are you planning to fill your website with forms and buttons on each link?? every link you see in this site is sending GET variables.. maybe your question is related to the "method" attribute in a form, if that's the case, well 90% of the cases post is a better choice
dont worry about the security :) just because you dont see the information in the navigation bar doesnt mean that its secured, watching the information sent by post is only two clicks away ;)
Some times you have to pass params(data) to a script without form submit OR want to share that script to someone. In that case $_GET is useful.
GET method may result in long URLs, and may even exceed some browser and server limits on URL length.
GET can be used for multiply reasons..
If you want to share a URL with your friend, like http://site.com/share.php?id=123 <- Often used.
Its often used to do dynamic actions.
POST is often used when sensetive information should not be shared.
You can look it up on google to learn more =)