I'm using a page count to control the number of times a user can view a page before being redirected. the page is profile.php and if a user clicks on a users profile this takes them to profile.php with the extension id=1 or id=8 etc.
at the moment this script is placed in profile.php and it works fine, it limits the number of profiles a user can view. but i want to exclude a few profiles. is this possible?
I'm new and a beginner to php so if someone could please show me that would really help.
Please and thank you.
<?php
!session_id() ? session_start() : null;
if(!isset($_SESSION['page_access_count'])){
$_SESSION['page_access_count'] = 1;
}elseif($_SESSION['page_access_count'] >= 6){
// redirect to signup page
header('Location: limit.php');
exit;
}
// increase the page access session value
$_SESSION['page_access_count']++;
?>
Use an if statement.
if(on profile foo){
do bar
}
else {
count++
}
Yeah. Use an if statement. Looks like you're familiar with them, and you've already got some decent understanding of PHP, so maybe I'm missing something?
Specifically, for ease of maintenance, I'd do:
$free_profiles = array(1,8,12,14,96); // array of profile IDs to exclude
if (! in_array($_GET['id'], $free_profiles)) {
$_SESSION['page_access_count']++;
}
Related
I know this is a bit stupid and there's probably a smarter way. But are there a way to generate a session variable just by visiting a specific website. What I want to do is that I want a customer to visit one website before visiting another website. And also, is there a way so a session variable can only be used once?
thanks! :)
Just to clear everything. What I didn't know existed was the unset function. I wanted the user of the website to visit the first page first, then the next and then the final page. I also wanted it in a way that if the user wants to visit the second page he/she would first have to visit the first again. It's super simple and I don't know why I didn't know this. Here's what I did:
First page:
<?php
session_start();
$_SESSION['second_page']=true;
?>
Second page:
<?php
session_start();
if ($_SESSION['second_page']==true){}
else {
header('Location: example.php');
exit;
}
unset($_SESSION["second_page"]);
$_SESSION['final_page']=true;
?>
Final page:
<?php
session_start();
if ($_SESSION['final_page']==true){}
else {
header('Location: example.php');
exit;
}
?>
I am working on an admin panel and admin divides tasks among various users so i want specific users to use specific pages only which they are permitted to use (all other page's links should not be clickable).
I am passing a unique page ID with every page's URL and the page's IDs to which users are permitted to use are stored in database so I need to compare my session variable with URL value, in session variable i am fetching page's id to which user are permitted to use.
I am trying this code but getting no success
if (isset($_SESSION['pageID']) && isset($_GET['page'])) {
if ($_SESSION['pageID'] == (int)$_GET['page']){
// Proceeding code
}
else {
// return fail
}
}
Any help would be appreciated as i spent hours working on this.
Thanks in advance !
You should store the roles in the database not in the session. In a roles table you can store the privileges of users. For instance you can say that this kind of users shall access this page id. Once you created this when user wants to access your page you should send a query to your table to learn if this user have access to this specific page.
Example pseudo code:
$available_pages_for_user = select * from table_roles where user_id = $_SESSION['user_id']
if $_GET['page'] in $available_pages_for_user
//Proceed
else
//401 error or smt..
if (isset($_SESSION['pageID']) && isset($_GET['page'])) {
$s = $_SESSION['pageID']; //check what is coming
$p = $_GET['page'];
if ($s == $p){
// Proceeding code
}
else {
// return fail
}
}
I'm pretty new to programming and gotta do a project for school. My task is to wrinte a ticketsystem with login etc. in PHP.
Since my groupmates aren't to helpful at all i decided to just code the loginsystem and create a .php which loads content dynamicly.
For normal links things went smooth so far but the loginsystem + the dynamic system gives me headache already.
Whenever i hit the login button (even when I don't enter any logindata at all) I endup in the frontpage(home.php) with the header tellin me that I'm on the "user.php".
I don't get any errors or anything, there seems to be just soem logical errors which i don't get :-(
can anybody help me with this?
http://pastebin.com/5XMSje07
Add exit() under all of your header() redirects
What's your directory structure looking like?
It seems like you don't have a check for empty fields when the post comes in. There should be something along the lines of the following in your login function when the post is read in:
if($_POST['Login'] == null || $_POST['Password'] == null)
{
return false;
}
else
{
//do the login check with the sql call to match username and pw
}
Redirects should be used more sparingly than you appear to have done
In your login script, you have:
if(!isset($usergroup))
{
login();
} else {
logout($usergroup);
}
This is all very well if you assigned $usergroup from a $SESSION value, which you haven't done. This page will therefore always show the login form.
$usergroup = $_SESSION['user'];
would be a start.
You also have multiple session_start calls, as it says in Highlander, "There can be only one".
Your code to detect whether someone has posted data to your script is inside the functions and probably should be inside the above test. Something like...
if (!isset($usergroup)) {
// have we recieved post data to login, if logged in set usergroup)
// if we have not logged in, show the login form
}
if (isset($usergroup) {
// show the logout form
}
I have a strange problem that does not set the user as logged in to the SESSION until a second click (although they are logged in)
So, I have a login dropdown that looks like this:
I send the user to the ACCOUNT-SELECTOR. PHP to determine the approprirate validation based on a business or individual account:
if (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'individual') {
include('ind_login.php');;
} elseif (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'business') {
include('bus_login.php');
} else {
include('error_login.php');
}
I have session_start(); on my account-selector.php page as well as my ind_login.php page. And, both are located at the very top of the page (before anything else).
Once I log in, this is my view:
As you can see, I am able to set and return the $_SESSION['Ind_ID'] on the ind_login.php page and VIEW YOUR PROFILE works (which is linked to the SESSION ID).
However, we still see a LOG IN button on the navigation when the code says this button should be set to display:none:
if(isset($_SESSION['Ind_ID'])) {
$accIndStyle = "visibility: visible;";
} else {
$accIndStyle = "display:none;";
}
I know this is the correct code as the button does become display: none for other buttons. However, if I log in a second time, or go to a different page with the session(start), the site will read the $_SESSION['Ind_ID'] as set and hide the Login button and replace it with a logout button.
Any help very much appreciated.
Put your session_start() on the top of your index.php file (That file which includes the others.)
seem like your page needs to be refreshed, or just throw an ajax call in there to update the button value according to session.
In a Nutshell: this is a question, about improving the security of sessions in-order to prevent them from session fixation/hijacking
I have a user registration form, login and article posting form.
Now, when user registers, logs in or posts somethings there is always thank you page different for all three. More specifically 'thankyou.php'
The problem is users can access the static thank you page, by typing the url 'site.com/thanks.php'
I don't want this to happen, I want those page to show up only when a specific tasks have been arbitrated.
So, I thought about about making sql query's to see if users has posts for the last 5 seconds and show thank you page, or show 404 but, It's seems unnecessary to create a query just for than one. And, Since I think PHP is flexible if you guys give me an idea I could probable learn something new on the way, on how to achieve this.
You can restrict the page with the $_SERVER['HTTP_REFERER'] (enter link description here) viewing from they are coming to thankyou.php page.
You Can Achieve this by settling the session like this:
if($_SESSION['registration']=="registration")
{
echo "Thank you for registering";
unset($_SESSION['registration']);
}
elsif($_SESSION['login']=="login")
{
echo "Thank you for login";
unset($_SESSION['login']);
}
elseif($_SESSION['post']=="post")
{
echo "Thank you for Post";
unset($_SESSION['post']);
}
else
{
echo "session is not set,something is wrong";
}
So set the values in session on html page like.
$_SESSION['login']="login";
//like for others also