Hello Guys i hate asking stupid questions here so i hope this isn't, How would i go about limiting someone to a download page of mine? so if they try to visit that page again (more then once) to download something it will just redirect or preferably change the download links to link 2 then Link 3 and is it possible to do without a database?
Eg:
First Visit - main link
Second Visit- link 2
third Visit- link 3
4 and up Visit no link and redirect
Maybe with cookies? i really i have no idea how to do it and i have Googled it but my wording must not be there...
Is there a name for this or a script?
Thanks for your time Guys.
A.
The best method to achieve the desired goal is database. Create a database table that contains two columns :
(1)Page Visitors IP
(2)The Last Download link used by the visitor to download
file(contents) from your website.
B.
You can too achieve your goal with the help of COOKIE.
setcookie("Visitor IP", "Download Link used by the Visitor", $expire);
Everytime, visitors visit your website, fetch the visitor IP and check whether $_COOKIE["Visitor IP"] is set or not, if its set, then update the existing Cookie else create the new one.
However, using Cookie is not a convenient way, as there might be a case where
Browser does NOT Support Cookies.
Client alter the Cookies value and use the previous link for download.
So, most simplest and elegant way to do it is, using Database.
UPD:
*How easy is it to code/setup a database?*
Setting up/Connecting to a database in php is pretty easy.
Refer the following LINK
Coding is pretty easy as well.
-Whenever the visitor click on the download link, fetch Visitors IP ($fetched_IP) by either POST or GET method. Also fetch the Link ($URL) visitor has clicked.
-Query the database [eg: Select DB_IP,LASTLINK from database WHERE DB_IP=$fetched_IP.....]
-If RowCount>0, then IP($fetched_IP) exists in database. Check the Last Link visited by the $fetched_IP.
-If LASTLINK!=$URL, then allow him download the content from $URL.Update the LAST_LINK column in database table by $URL.
-If rowcount==0,(New User) Insert a row that contains DB_IP=$fetched_IP(Visitor IP) and LAST_LINK=$URL.
An easy was is to use a hash table (associative array). When they satisfy the criteria to access the file, add an entry to the hash table using the the unique url as the key and the document path as the value. Save it to the session. When they access the url the page checks to see if the url is in the hash table. If it is, remove the url from the hash table and stream the file. If you wanted to allow multiple uses, you could store a countdown variable along with the url, that will decrement with every access and only delete the url from the hash table when the count is zero.
Related
In one page are multiple rows of records (information).
User can click link at the end of each row. Opens new page (popup) like host/pageaddress.php?id=777 777 is id of mysql row. In the new page I display information that is recorded in mysql with id 777.
If user wants, he can change 777 to any other number and gets displayed corresponding mysql row. Modifying id in such way user can access only table and rows which the user is allowed to access. And at the moment I do not know any security hole because of such modification (if someone knows, please, write).
But I do not like to allow user such modifications (feeling uncomfortable). When searched I found information, that I can not prevent user to modify. However know one website, where I can not modify url
Tried to write something in address bar and i can not. I do not know why (maybe because of https?)
So at the moment think of following solution.
At main page create $_SESSION['display'] = 'something';
In new popup page
if(isset($_SESSION['display'])){
echo ' content';
}
Then at the bottom of page unset($_SESSION['display']);
So if user modify url, page reloads and there is $_SESSION['display'] is not set. So no content.
Please, advice if such solution is ok? Some better solution?
Update
The above mentioned solution appears useless. But if to think regarding solution, here one another:
1) At main page create hash, and name for example $hash
2) $_SESSION['display'] = $hash;
3) record $hash in mysql
4) in new popup window (file) check if `$_SESSION['display']' exists and is equal to hash in mysql. At the end of page unset hash and delete from mysql
This is just to think about possible solution... does it work?
If user wants, he can change 777 to any other number
Yes. There is absolutely no way to control what the user instructs their browser to ask your server for.
and gets displayed corresponding mysql row.
If you only want some rows to be available to the user, then authenticate that user and check if they are authorised to view that row.
For example, some pesudo-code:
if user is not logged in
provide login page
else
if user id matches row's owner id field
provide data
else
provide error message
However know one website, where I can not modify url
That's what happens when you open a popup window and tell it not to show the toolbar. It doesn't provide any security because the user can still copy the URL into a new window and modify it as much as they like.
So if user modify url, page reloads and there is $_SESSION['display'] is not set
That just means they have to copy the URL into a new window between the time they visit the main page and the time they click on whatever triggers the popup.
It's annoying and twiddly, but not secure.
I have a page, i want so that 1 IP could use the page for lets say 10 times a day at most. 1 refresh = 1 use. After some research i read that this can be done with javascript or php but with cookies. Couldnt the user just delete his cookies and use the page again?
Is there a way to do it only with php and no cookies? Any suggestions?
Note: i am not using any databases.
It can't be done without a database. You simply need to keep track of all IPs and you can't do that without a database.
Of course, a simple text file can also go for a database. For every visitor that accesses a certain page, log that IP address to a text file. To see whether they can access the page, just count how many times the IP address is in the file.
You can create a database table and then on each view either insert the IP (if its not already in the database) or increment views by 1. If views = 10 don't allow the user to visit.
You can use htaccess file too. But you could write ipaddress/nrofrefreshes records to a text file located on the server.
I'm working on a project in core php with mysql for a tutor agency in which i have send mail to people with links to the tutor profile pages matching their required criteria. I want these links to be temporary links and want them to expire in say 72 hours, I'm not sure how to go about it. Any ideas?
originally link is something like this
"http://mysite.com/mysubdirectory/index.php?action=view_credentials&tutorid=".$tutor_id;
Thanks for help.
For anyone looking for the same answer as I was, I followed shadyyx and with a bit of effort i was done!! thanx everyone!
Some solution that bumped into my mind:
Create a DB table for these links where You would save the link, unique identifier (some hash), date it was created and date when it will expire.
Then create a page (script) that will get that link (containing not the full URL but the URL of that script and a unique identifier of the link stored in the DB). This script will try to search for the link identified by the unique hash while conditioning current date and time to the link expiry date.
If the link is found and not expired then You would redirect user to that page otherwise You will end up with a message that the link is expired or not found.
Should be pretty easy to implement.
Hope this idea will help You.
Use a table to store the TIMESTAMP when sending the link and redirect to an error if the link is accessed after TIMESTAMP+<72 hours>
Your tutor_id shall be stored in database before you send it. This would help sending unique id (just in case :), and do some checks if i.e. ID used come with is valid. So when anyone enters the link, your index.php should check if all parameters are valid, query DB agains value of $_GET['tutorid'] and see if it is not expired. And you'd know this because your DB record shall hold TIMESTAMP with creation date. Having creation date you can check how old it is and accept or reject the tutor_id
Protected Links is a PHP Script from codecanyon, it expires links after a fixed time and much more..
It can be used to expire a tutorial link or any other link in 72 hours or any number of hours, by IP address, for single user or mutiple users. A php coder can integrate this in their application with some effort.
http://codecanyon.net/item/protected-links-expiring-download-links/2556861
I am programming a Blog. I am interested how to add a counter to the side to see how many people read the different articles.
I understood that if you have a Website counter, than you would normally save the IP and the Date in the database so you only count the person once.
But how would I make sure that a person reading a specific article is only counted once for that article?
The database would turn very big if I would save each Visitor IP for each Article. It came now into my mind to maybe create a Session for every Visitor. Within this Session I save each ArticleID the Person read. So before I update the counter in the database, I check if it already exists in Session - if not increment counter and save in Session otherwise dont.
Is this the right approach or is there another way to do it?
It depends on which data you want to save. You can save:
Number of hits (count all people/bots/... who opened the pages), this makes fake impression of readers, because doing a refresh will count me twice.
Number of unique visitors, create a session for the user. and increment the counter only once in the session. This can be improved by setting permanent cookie, but looks like overkill for me. and by the way, I can open the article and don't read it!
Number of people interact with the article. You can put some javascript capture (mouse scrolling, clicks on article text, ...) , split text into parts with "read more" ... etc.
If I were you, I will name it "number of views", and use solution 2. And combine this with google analytics (or similar solution) to know more details about visitors.
Google analytics is better way
But if you want to do it by programming then follow the steps.
i) In your table from the data of particular article comes just add one column no_of_view or whatever you want to give..
ii) In the starting of page write down the code of php for ::
from the url you can get the id of current article.
then from select query get the value of column no_of_view for particular ID (article)
then fire a query for update that record for no_of_view column with +1
If you want to get that more accurate then add ipaddress column and date also....
I prefer to use Google Analitycs API for such tasks. It' hard to implement for the first time - but once made it will help you on any project.
You can read here - http://code.google.com/intl/en/apis/analytics/docs/gdata/home.html
I would set a cookie on the user's browser and send it to the server. If the cookie is new, it's a new user reading the article for the first time.
I think, you can execute an ajax function, when user click on article to update column in database table field name 'number_of_click' as per article id and other relevant reference
and show it by simple query 'SELECT no_of_click FROM article WHERE id='{$individual_article_id} ....'';
Whats the best way to keep track of how many users and guests are online? Im making a forum for fun and learning
Right Now I have a 2 fields in the users table called is_online and last_access_time.
If current time is 5 minutes or more than last_access_time i set is_online it to zero. And if the signed in user refreshes browser i set it to 1.
But what about guests? I wanna keep track on how many guests are on also
Another thing that would be really cool is to show what page the user is viewing. and on the page, forum thread for example, 5 guests, Homer and Shomer are viewing this page. But how should i structure this? Hmm maybe i should make another question for that.
i dont know what i should do
What do you suggest?
I'd use cookies for this. Set a cookie when the user enters (checking first to make sure one doesnt exist). Easy way to generate a unique id for that user is to hash their IP plus the current time.
$id = md5($_SERVER['REMOTE_ADDR'] . time());
Store that id in your database and use that to reference
You can check what page they are viewing by grabbing either $_SERVER['PHP_SELF'] or $_SERVER['REQUEST_URI'] near the top of your php source. Store that in the table. I'd take a look at php.net's explanation of whats stored in the _SERVER global, as it should help out quite a bit if you find that you need more then just the document they are on (ex index.php). Found here.
You may need to pull apart of the query string that was used to access that page, parse out the variables to determine the page they are requesting. Either way, this could all be done through cookies, or just use a single cookie to store the unique id and use your table for storing everything else.
You cannot know for certain which page a user is viewing, but you can keep track of which page they last viewed. Every time you deliver a page to a user, record that page's path in a database row associated with them. Voila.
To keep the number of guests, I suggest tracking the number of distinct unauthenticated IP/HTTP-User-Agent combinations seen on a certain page in the last X minutes.
I found this article on Web Monkey that might help you.
http://www.webmonkey.com/2010/02/how_many_users_are_on_your_site_right_now/