Deny direct access to php file in root - php

I have a website project where the right hand side of each page is being called from the includes folder that contains an input field and a button. Once the user clicks on the button a php script is run and depending on the result from the script the user is redirected to a thankyou-success.php or a thankyou-failure.php file. These files are located in the root folder. I would like to prevent the user from directly typing the url to these paths and seeing the success or failure message directly. How can the user be prevented from such direct access?
At the moment I am redirecting to the files as follows:
//if found this email in our database
if($count==1)
{
header('Location: thankyou-success.php');
}
else
{
//echo "Cannot send Confirmation link to your e-mail address";
header('Location: thankyou-failure.php');
}
The two php files being called are exactly the same except for the text message displayed. I have removed the <head> tag to keep things simple and clear. The content of the file is as follows:
<body>
<!-- header start here -->
<?php include("includes/header.php") ?>
<!-- header end here -->
<!-- page title start here -->
<section id="pagetitle-container">
<div class="row">
<div class="twelve columns">
<div id="pagetitle-border">
<div id="breadcrumb">
<ul>
<i class="fa fa-caret-right"></i>
<li>Home</li>
</ul>
</div>
<p> <br></p>
<div class="twelve columns">
<p>Unable to send the activation email to the email address provided. Please confirm and try again.</p>
</div>
</div>
</div>
</section>
<!-- page title end here -->
<!-- content section start here -->
<section id="content-wrapper">
<div class="row">
</div>
</div>
</section>
<!-- content section end here -->
<footer>
<?php include("includes/footer.php") ?>
</footer>
<script>$('#noscript').remove();</script>
<!-- pageloader part 2 start -->
<!-- pageloader part 2 ends -->
</body>
</html>

You can move these files outside your web root, and include from the php script that runs on button click.
Your docroot is defined in your web server configuration. Assuming your docroot is /var/www/website/public, you need to move the files that you do not want direct access to somewhere outside this folder like: /var/www/website/files/. Then, from your main script you need to include these files rather than redirecting the user:
main.php:
if ($success) {
    include(dirname(__FILE__) . '/../files/thankyou-success.php');
} else {
    include(dirname(__FILE__) . '/../files/thankyou-failure.php');
}

One way is to use $_SESSION. On submit of your form, you can do:
$_SESSION['result'] = TRUE;
And in thankyou-success.php, you can do:
session_start(); // needed before $_SESSION can be read
if (!empty($_SESSION['result'])) {
    echo "Success";
    unset($_SESSION['result']);
}
else {
    echo "How did you get here?";
}
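
The two answers above can be combined: keep a single outcome URL in the docroot, let it consume a one-time session value, and load the message templates from outside the docroot. This is an added example, not code from the original posts; the helper names flash_result() and consume_result(), the file name thankyou.php and the 404 response for direct hits are assumptions, and the template paths follow the /../files/ layout from the first answer.

```php
<?php
// Added example: hypothetical helpers, shown in one file for brevity.
declare(strict_types=1);

// Outcome pages live outside the docroot (layout from the first answer), so no URL maps to them.
const RESULT_TEMPLATES = [
    'success' => __DIR__ . '/../files/thankyou-success.php',
    'failure' => __DIR__ . '/../files/thankyou-failure.php',
];

// Form handler side: record the outcome server-side, then redirect (Post/Redirect/Get).
function flash_result(bool $success): void
{
    $_SESSION['result'] = $success ? 'success' : 'failure';
    header('Location: thankyou.php');
    exit; // stop here so nothing else runs after the redirect header
}

// thankyou.php side: return the template for a pending outcome, or null on a direct hit.
function consume_result(): ?string
{
    $key = $_SESSION['result'] ?? null;
    unset($_SESSION['result']);            // single use: a reload or bookmark finds nothing
    if (!is_string($key) || !isset(RESULT_TEMPLATES[$key])) {
        return null;                       // only the two known keys ever reach include
    }
    return RESULT_TEMPLATES[$key];
}

// Body of thankyou.php, the only outcome URL left in the docroot.
session_start();
$template = consume_result();
if ($template === null) {
    http_response_code(404);               // direct access: no form submission preceded it
    exit;
}
include $template;
```

The form handler calls session_start() and then flash_result($count == 1) in place of the two header() calls in the question.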

Related

jquery mobile send value in link and get in multipages file

I want to use a single file with multiple pages.
In the #first page I have a link to another page with a value sent via GET:
<a href='#second?ID=10'>
And when triggered, it should show the second page and write the value with php:
<div data-role="page" id="second">
<div data-role="header" data-add-back-btn="true">
<h1>Second page</h1>
</div>
<div data-role="content">
<?php
$ID = $_GET["ID"];
echo $ID;
?>
</div>
</div>
It seems that the php code isn't run when the second page is loaded.
Is there any easy way to do this?

php - can't retain session values when navigating to another page

I'm developing a php application and I have a problem retaining session values. I have two files, one is a sidebar (sidebar.php) and a home page (home.php). I have included the sidebar on the home page.
There are login controls on the sidebar and I can successfully login. I know it has successfully logged in because it shows me a message Welcome 'username'. But when I go to the home page, the welcome 'username' part is not shown as the session values are destroyed. Instead the login form is shown. Why is that?
This is the home page (sidebar.php)
<?php require_once('connections.php'); ?>
<?php
// if the login button is clicked
if (isset($_POST['btnLogin']))
{
$myusername=$_POST['textusername'];
$mypassword=$_POST['textpassword'];
$result=mysql_query("SELECT * FROM users_table WHERE username='$myusername' and password='$mypassword'");
$count=mysql_num_rows($result);
if($count>=1)
{
$_SESSION['username'] = $row["username"] ;
$_SESSION['userid']= $row["ID"];
}
else
{
//Any code here
}
}
?>
<div class="col-md-12 right-aside">
<?php
if (isset($_SESSION['userid']))
{
echo "Welcome : " . $_SESSION['username'];
echo " <a href='logout.php'> | Logout</a>";
}
else //if session is not set
{
echo 'Some html for login form';
}
?>
</div>
The following is the home page (home.php)
<?php include("head.php"); ?>
<body>
<div class="container container-body">
<div class="row">
<div class="col-md-9 main-content">
<div class="row">
<p>Some Text Here</p>
</div><!-- /.row -->
</div><!-- /.main-content -->
<div class="col-md-3">
<div class="row">
<?php include 'sidebar.php';?>
</div>
</div>
Are you starting a session in home.php?
You must call session_start() at the first line of every php script in which you want to access session variables.
Try adding this at the top of home.
<?php
session_start();
//Then do your work
Then even if session_start is called again in head.php or sidebar.php, it will be ignored, as the session was already started.
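
The login check from the question, as an added example that is not part of the original posts: the session is started before any output, the row is fetched before its columns are read, the query uses a bound parameter instead of string interpolation, and the stored password is a hash checked with password_verify(). The in-memory SQLite database, the sample user and the function names open_demo_db() and login() are constructed for the example; the table, column and form field names are the ones from the question.

```php
<?php
// Added example: constructed schema and data, not the asker's database.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users_table (ID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
    $stmt = $db->prepare('INSERT INTO users_table (username, password) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true and fills $_SESSION on success; the caller starts the session first.
function login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT ID, username, password FROM users_table WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // fetch the row before reading its columns

    // The password column holds a password_hash() value, verified in PHP, not in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // new session id at the privilege change
    }
    $_SESSION['userid']   = (int) $row['ID'];
    $_SESSION['username'] = $row['username'];
    return true;
}

// Entry script (home.php in the question): start the session before any output.
session_start();
$db = open_demo_db();
if (isset($_POST['btnLogin'])) {
    login($db, (string) ($_POST['textusername'] ?? ''), (string) ($_POST['textpassword'] ?? ''));
}
if (isset($_SESSION['userid'])) {
    echo 'Welcome : ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
} else {
    echo 'Some html for login form';
}
```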

Drupal 7 - Adding blocks to a page

This is my current set up.
I have created a new custom theme with the following regions.
regions[header] = Header
regions[content] = Content
regions[footer] = Footer
page.tpl.php
<div id="Header">
<div class="row">
<div class="span12" style="text-align:center;padding-top:20px;">
<div><img src="logo.png" width="150" height="150" alt="KT Logo"></div>
</div>
</div>
<div class="row"> </div>
</div><!-- /Header -->
<div id="Navigation">
<div class="row" style="text-align:center;">
<div class="span12" style="text-align:center;">
<?php print render($page['header']); ?>
<hr class="style-two">
</div>
</div>
</div><!-- /Navigation -->
<div id="Content">
<div class="row"> </div>
<div class="row">
<div class="span8 offset1">
<h1><?php print $title; ?></h1>
</div>
</div>
<div class="row"> </div>
<div class="row">
<div class="span10 offset1">
<?php print render($page['content']) ?>
</div>
</div>
<div class="row"> </div>
</div><!-- /Content -->
<footer>
<div class="row">
<div class="span12">
<img src="separator.png" alt="separator">
<?php print render($page['footer']); ?>
</div>
</div>
<div class="row"> </div>
</footer>
</div><!-- /container -->
This all works well and I have created several basic pages fine. The problem comes when I want to have a custom "content type" with 2 blocks on a page, one with main content on left, one with a sidebar on right. Now I'm not completely understanding how the regions work.
I am wanting something like the sidebar_second effect but I'm not sure how it would set in with my widths. Here is a screenshot of my regions. http://goo.gl/XFVnl
So I think I need to change the way my content region is displayed so that it can include the sidebar region?
Thanks for any help
Content-type specific templates are usually node.tpl.php files, and page templates are page.tpl.php files.
page.tpl.php file is already included when you are using a node.tpl.php
First, add ALL the regions to the .info file of the theme. This directly affects which regions are available in the blocks administration page.
It's not necessary for all the regions you defined (in the .info file) to be present in all page.tpl.php files.
As you have 3 regions in the page.tpl.php file, leave it and it will continue to work.
But to override the page.tpl.php for specific node types, you will have to set them in the theme's template.php file. You simply "ask" Drupal to use this page.tpl.php file if the node type is a "page" (for example).
Add this to your template.php file. Drupal will not look in to the page--node-book.tpl.php file for an alternative page.tpl.php file if the node type (machine name) is "book".
<?php
function themename_preprocess_page(&$variables) {
if (!empty($variables['node'])) {
$variables['theme_hook_suggestions'][] = 'page__node_' . $variables['node']->type;
}
}
?>
Now you can copy the page.tpl.php file to page--node-[type].tpl.php and make your changes there. Whatever you put in this file will be used for page template for that node type.
(Note: 2 hyphens between "page" and "node", and one between "node" and "[type]")
Remember to clear caches if you can't see the changes.
I believe the first step is to declare a sidebar region in your .module file along with your other regions even if it will not be displayed on every page.
In your page template you can check (pseudo-code)
if (isset($page['sidebar'])) {
<div sidebar float left theme this how you want>
print render($page['sidebar']);
</div>
}
Now when you create a block you can specify a specific path for it to show up on or a specific content type for it to show up on. The code above will check if the page has a block in your sidebar and render it accordingly.
You will probably be more likely to get answers if you post on drupal stack exchange.
https://drupal.stackexchange.com/

Hide and show a div depending on session

I have an admin link with a div id "admin". Sessions are started when a user is logged in to show if it is a normal user or an admin. Normal users can't access the files for admin, but can still see the admin link.
Is there a way to make it so normal users can't see the link, using only php or html, without jquery or jscript or any of those.
Using interleaved PHP & HTML with standard PHP syntax:
<?php
if ($user_is_an_admin) {
?>
<div id='admin'>
Only admins can see this...
</div>
<?php
}
?>
Alternate templating syntax:
<?php if ($user_is_an_admin): ?>
<div id='admin'>
Only admins can see this...
</div>
<?php endif; ?>
Not interleaving, PHP only:
if ($user_is_an_admin) {
echo "<div id='admin'>
Only admins can see this...
</div>
";
}
You'll need to use conditionals inside of your views:
<?php if($_SESSION['adminid'] == 1234): ?>
<!-- Admin div goes here -->
<?php else: ?>
<!-- Admin link goes here -->
<?php endif; ?>

how to create widget in Yii based on existing login action view?

How to create a widget out of an existing login action view?
This is what I currently have in my login.php view file of the site's controller actionLogin()
<div id="login-wrapper">
<div class="login-container">
<?php $form=$this->beginWidget('CActiveForm', array('id'=>'login-form','enableAjaxValidation'=>true,)); ?>
<div class="login-input">
<p>
<?php echo $form->labelEx($model,'username'); ?>
<?php echo $form->textField($model,'username',array('placeholder'=>'username')); ?>
</p>
<p>
<?php echo $form->labelEx($model,'password'); ?>
<?php echo $form->passwordField($model,'password',array('placeholder'=>'password')); ?>
</p>
<div id="bmenu">
<ul class="menu">
<li class="register"><?php echo CHtml::link("Registration", array('wsmembers/register'));?></li>
<li class="login"><?php echo CHtml::submitButton('Login',array('id'=>'login_button')); ?></li>
</ul>
</div>
</div>
<?php $this->endWidget(); ?>
</div><!-- .login-container -->
<div class="login-bg-bottom"></div>
If I click the default login link from the navbar, that's the only time that the code above shows
the login box at the upper right corner of the page.
But the problem is, the login box should be at the homepage and must already be there
without clicking a login link at the navbar. So how am I going to do that? This has something to do with the main.php layout file, right?
Indeed.
What you have defined is a view that is used for content. If you click the link the login action will be executed and it will show the form.
If you want this to be shown always, just do a Yii::app()->controller->renderPartial on the view. Note that it cannot be $this->renderPartial as you would normally do since the main layout is not executed by the controller. I usually define an alias called "userViews" that points to protected/views so I can do:
Yii::app()->controller->renderPartial('userViews.site.login');
Or something like that. Hope that helps :)
As for the alias you can add this to your config:
Yii::setPathOfAlias('userViews', dirname(__FILE__) . '/../../protected/views');
This is assuming your views are indeed under protected views.
