In my php file called "account.php" I have
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
?>
<html>
<body>
<link rel="icon" type="image/gif" href="favicon.gif" />
<?php include("header.php"); ?>
<div id="main-box">
<ul>
<li class="buttons">
<?php
//TEXT BOX WITH A LINE FROM **TEXT.txt** SHOULD APPEAR HERE AFTER USER CLICKS BUTTONS
?>
<input type="button" name="account" value="Get Your Account" onclick="#" />
</li>
</ul>
</div>
</body>
</html>
I want it so when the user clicks the button, a text box appears and displays ONE line from the text file and when they view it, it deletes it from the text file.
text.txt
Eddie so after the user clicks the button it displays this line to them and then deletes it after so that the next line would then become the first line.
Apples
Hello
People
If you don't understand my question then please let me know and I will try to explain further. Thank you. :)
My recommendation is to use javascript (or jQuery) to make an AJAX call to a PHP script that handles the reading of the text file, and then deletes the top line. The javascript would then need to take the script's response (the line on the text file) and add the text box to the page.
Related
This is my admin panel code:
<form action="connectdb.php" method="post">
<input type="text" name="name">
<input type="submit">
</form>
So, It so, the code in connectdb.php will only run, if the "submit" button redirects a user to it. It will not run, if a user directly open /connectdb.php page.
Do I need to start some session, something like that?
Note: I am a newbie, so please explain in detail.
Since your form is using method="post"you can place the following code at the very beginning of your connectdb.php file:
<?php
if (empty($_POST)){
exit;
}
//The rest of your code goes here
This checks to see if the $_POST variable either does not exist or does exist but is empty. If this returns true that means your form was not submitted and a user went to the page directly. The script will then exit and a blank screen will be displayed.
Instead of displaying a blank screen, you may instead want to redirect to a different page such as this:
<?php
if (empty($_POST)){
header("Location: index.html");
exit;
}
//The rest of your code goes here
Whenever you do a redirect like this, it is important to place an exit; statement directly after it, otherwise your script could still process some of the other statements and send data to the browser that shouldn't be sent. This of course could be a security risk in some cases. An exit statement prevents this kind of security risk.
Not sure if you really need it, but you can add a name attribute like the following:
<input name="submit_button" type="submit">
So when you click this button a $_POST['submit_button'] variable will be created on the PHP side, and then you can use it to check if the button was clicked:
if(isset($_POST['submit_button'])){
// your code
}
<input type="submit" name="submit_btn">
Now in your connectdb.php check,
<?php
if(isset($_POST['submit_btn']))
{
//do your code
}
else
{
//redirect to your home page
}
?>
I want to create a logout / sign out link from a 'members only' area of my website. So I created a logout.php script for this that the sign out link will navigate to and then I used header to redirect to index.php. My question is how do you prevent an user from navigating to the logout.php script by simply typing in the URL?
How do you prevent this for any instance for that matter?
For clarification:
I want users to logout using the sign out link ONLY i.e. by clicking on it; not by typing in the URL address of the logout script.
logout.php is as follows:
<?php
session_start();
if (isset($_SESSION['user'])){
unset($_SESSION);
session_destroy();
header ('location: index.php');
}
?>
You can stop that by making the logout.php a POST page rather than normal GET. One way of doing this is changing your Log Out link to actually be submitting a form, rather than just a normal link. Then on the logout page, check the form was really submitted before logging out. That will mean anyone just typing in the URL won't be logged out, while users clicking the link will be.
An example of this would be to make your HTML like
<form action="logout.php" method="post" name="logoutform">
<input type="hidden" name="logout" value="y">
Log Out
</form>
You'd probably want extra CSS to remove the form styling too.
The code in logout.php can be:
<?php
if ($_POST["logout"] == "y") {
/* Getting here means they clicked the link, so log them out */
}
?>
You can't stop them from typing logout.php in the browser, but this will ensure they will only actually log out when they submit the form (i.e. click the log out link). Just typing in the URL will get a blank page.
I want users to logout using the sign out link ONLY; not by typing in the url address of the logout script.
It is not really possible to avoid a visitor from changing the address bar URL in their browser. There's no real way to determine how the user accessed logout.php -- by typing in the URL directly or from a page on your website.
I think you're approaching the issue from the wrong perspective, but if you really want to do this, I'd suggest using a session variable.
This is a basic logout in PHP.
<form action="index.php" method="post">
<li>
<i class="fa fa-fw fa-power-off"></i><input type="submit" name="cerrar" value='Cerrar sesiĆ³n' style="outline:none;padding: 0; border: none; background: none;">
<?php
if (isset($_POST['cerrar'])) {
session_start();
session_unset();
session_destroy();
header("location: index.php");
exit();
}
?>
</li>
</form>
I have a question about login and accessing database for mobile web applications.
Namely, the fact that all the pages are usually in one page separated by ids, how do you send form data using PHP? There are no separate files to send data to.
Doesn't opening a connection at the top of the HTML file without logging in cause a security problem? If they do not login successfully, you are essentially redirecting to the same HTML file.
If someone could redirect to a tutorial (which I can't seem to find online) or give an overview, that would be awesome.
<?php
//1. Open connection
//2. Select database
?>
<html>
<body>
<section id="page1">
<form action="page2" method="POST"><!-- since the data needs to be send to #page2, do I just POST to the same html file? -->
</form>
</section>
<section id="page2">
<?php
//3.query database
//4. display results
?>
</section>
<section id="page3">
</section>
</body>
</html>
<?php //5. close connection?>
1) You can keep separate files in PHP, they don't have to be in the same page. For example, you have a file named login.php.
<?php ?>
<html>
<form action="index.php" method="post>
<input type="text" name="username"/>
<input type="password" name="pasword"/>
</form>
</html>
Then in your index.php file you would have something like this.
<?php
if($_POST['username']=="admin" && $_POST['password']=="admin")
//query database
//display results
?>
So you don't have just one file containing different pages.
2) You can include a main.php file in all your pages and check if user is logged in, if not, redirect him to some other page. In adition you could learn a little bit about session variables.
<?php
include("main.php");
?>
In your main.php
<?php
session_start();
if(!$_SESSION['islogged'])
header("location: otherpage.php";)
?>
So if the user is logged in there will be no redirection but other way it will.
Hope this helps you.
1)
Check out the following link. http://www.w3schools.com/php/php_post.asp
It explains how to access form data that has been sent to your php page. You need a decent understanding of HTML before you ever start working with PHP.
2)
The user isn't the one logging in. They never see the php code. It stays on the server. What they see is HTML. The connection is so the php page can connect to the database and retrieve information.
I'm trying to create a pretty standard user creation form for a website I'm working on, but my PHP amateur status is preventing me from accomplishing my goal.
Essentially what I want to do is have the user fill out a registration form, and then have a server-side script attempt to register that information. If the registration succeeds, then the user will be redirected to a page telling them to look for a verification email. If that registration fails (the email address is already in the system, not matching passwords, whatever), I would like to reload the page, but display the error message to the user above the form. Currently the form I have is being echoed out of a php file which is separate from the HTML from where the page is stored. My three questions are this.
From what I've read, the way to redirect users on success is to use header("Location: http://foo.com"). Is that correct, or is there a more proper way to do it?
How can I get access to the error(s) that caused the first user to fail? I've read that setting a session variable is a poor idea for a number of different reasons, but without that how can I keep track of the errors thrown by the form validation? Should I just create a global $errors variable that I clear every time I echo the registration form?
For this case, should the page that the registration form is on have a .html extension or a .php extension, or does it not matter? More generally, is there any rule for when a page is .html vs .php/.asp/something else?
Edit: added code below. Note, the form is rendered from a file called in ../views/register_form.php (I assume this is how I'd work on getting something MVC-like in PHP)
The page that the form is rendered on (called index.html)
<body>
<script type="text/javascript"> <!-- put the jquery load stuff into here -->
$(function(){
$("#registration_form").load("views/register_form.php");});
</script>
<div class="topbar"><!-- Create the top bar layout-->
<div class="fill">
<div class="container">
<a class="brand" href="#">Website!</a>
<ul class="nav">
<li class="active">Home</li>
<li> About</li>
</ul>
<form action="scripts/login_user.php" method="post" class="pull-right">
<input class="input-medium" id="login-email" type="text" name="email_addr" placeholder="email" />
<input class="input-medium" id="login-password" type="password" name="password" placeholder="password" />
<button class="btn" type="submit">Login now!</button>
</form>
</div>
</div>
</div>
<div class="container">
<div class="content">
<div class="page header">
Page header!
</div>
<div id="registration_form">
</div>
The script
if(//some of the data in the form isn't set)
{
//Set error conditions based on missing data
}
$confirm_password=$_REQUEST['confirm_password'];
$password=$_REQUEST['password'];
if($confirm_password != $password){
//report passwords don't match}
$email_addr=$_REQUEST['email_addr'];
$first_name=$_REQUEST['first_name'];
$last_name=$_REQUEST['last_name'];
try
{
$successful_creation=create_user_and_send_verification_email($email_addr, $password, $first_name, $last_name);
}
catch(Exception $e)
{
/*SQL errors are caught here*/
}
if($successful_creation==FALSE)
{
//If it couldn't be inserted for a non exception generating reason. If I get here, should I echo a page that has those errors printed, but is otherwise identical to the previous one?
}
else
{
//redirect to a "wait for a verification email" page
}
Yes that is the correct way to do it, but all headers must be sent before you try to render anything to the page. Also, you don't necessarily need to redirect, you can generate the correct output with PHP depending on the form data.
The script that receives the submitted form should check the submitted data for errors and can then output those errors to the page that is generated by that script.
If the page has php code in it then usually it needs a php extension unless your server is set up to process html pages as php. Otherwise, .html is fine.
I hope that helps point you in the right direction, although a more focused question with the code you have up to now would generate a better answer.
There are lots of tutorials on this on the web, you should follow one of those and experiment.
why dont you write the server side code on the same page and for every form input use a flag
for eg: if email is not valid $email=1.
den after submission if any flag is initialized,check for the flag and if $email=1 echo error else redirect.
I need to consider something in the future after I finish my application. What is going to happen is that a teacher will need to first login (login page is page 1), after login the page will go straight to a menu where the teacher selects a hyperlink link to open up a page (hyperlink menu is page 2), On third page I want a message displaying welcome to the teacher who has accessed the page (page 3 is welcome page).
Is there a way to get the teacher username from page 1 and displaying it on page 3 is what I am asking?
Below is coding and example:
Page 1: InputTest.php
<body>
<form action="InputTest2.php" method="post">
<p>Please enter your name</p><p><input type="text" name="user" /></p>
<p><input type="submit" value="Send" /></p>
</form>
<!-- The above allows a name to be entered and submitted to "InputTest2" by clicking on send button -->
</body>
Page 2: InputTest2.php
<body>
<p>Welcome</p>
<p>...</p>
<p>...</p>
</body>
Page 3: InputTest3.php
<body>
<?php print "Welcome <b>".$_POST['user']."</b><br/>\n"; ?>
</body>
in your InputTest2.php
add the following code in the start of the page
session_start();
$_SESSION['usernameLogged'] = $_POST['user'];
and then you can print it like this
also you should start a session
<?php
session_start();
print "Welcome <b>".$_SESSION['usernameLogged']."</b><br/>\n";
?>
Save it in the $_SESSION superglobal.
$_SESSION['user'] = $_POST['user'];
Then $_SESSION['user'] will be available on the third page.
Note: you will need to have session_start(); on both pages in order to store/retrieve session data like that.
Possible duplicate of: php: Save the entire $_POST variable in the session