Expirable links to profile pages - php

I'm working on a project in core php with mysql for a tutor agency in which i have send mail to people with links to the tutor profile pages matching their required criteria. I want these links to be temporary links and want them to expire in say 72 hours, I'm not sure how to go about it. Any ideas?
originally link is something like this
"http://mysite.com/mysubdirectory/index.php?action=view_credentials&tutorid=".$tutor_id;
Thanks for help.
For anyone looking for the same answer as I was, I followed shadyyx and with a bit of effort i was done!! thanx everyone!

Some solution that bumped into my mind:
Create a DB table for these links where You would save the link, unique identifier (some hash), date it was created and date when it will expire.
Then create a page (script) that will get that link (containing not the full URL but the URL of that script and a unique identifier of the link stored in the DB). This script will try to search for the link identified by the unique hash while conditioning current date and time to the link expiry date.
If the link is found and not expired then You would redirect user to that page otherwise You will end up with a message that the link is expired or not found.
Should be pretty easy to implement.
Hope this idea will help You.

Use a table to store the TIMESTAMP when sending the link and redirect to an error if the link is accessed after TIMESTAMP+<72 hours>

Your tutor_id shall be stored in database before you send it. This would help sending unique id (just in case :), and do some checks if i.e. ID used come with is valid. So when anyone enters the link, your index.php should check if all parameters are valid, query DB agains value of $_GET['tutorid'] and see if it is not expired. And you'd know this because your DB record shall hold TIMESTAMP with creation date. Having creation date you can check how old it is and accept or reject the tutor_id

Protected Links is a PHP Script from codecanyon, it expires links after a fixed time and much more..
It can be used to expire a tutorial link or any other link in 72 hours or any number of hours, by IP address, for single user or mutiple users. A php coder can integrate this in their application with some effort.
http://codecanyon.net/item/protected-links-expiring-download-links/2556861

Related

How to limit a user to one visit on a single page?

Hello Guys i hate asking stupid questions here so i hope this isn't, How would i go about limiting someone to a download page of mine? so if they try to visit that page again (more then once) to download something it will just redirect or preferably change the download links to link 2 then Link 3 and is it possible to do without a database?
Eg:
First Visit - main link
Second Visit- link 2
third Visit- link 3
4 and up Visit no link and redirect
Maybe with cookies? i really i have no idea how to do it and i have Googled it but my wording must not be there...
Is there a name for this or a script?
Thanks for your time Guys.
A.
The best method to achieve the desired goal is database. Create a database table that contains two columns :
(1)Page Visitors IP
(2)The Last Download link used by the visitor to download
file(contents) from your website.
B.
You can too achieve your goal with the help of COOKIE.
setcookie("Visitor IP", "Download Link used by the Visitor", $expire);
Everytime, visitors visit your website, fetch the visitor IP and check whether $_COOKIE["Visitor IP"] is set or not, if its set, then update the existing Cookie else create the new one.
However, using Cookie is not a convenient way, as there might be a case where
Browser does NOT Support Cookies.
Client alter the Cookies value and use the previous link for download.
So, most simplest and elegant way to do it is, using Database.
UPD:
*How easy is it to code/setup a database?*
Setting up/Connecting to a database in php is pretty easy.
Refer the following LINK
Coding is pretty easy as well.
-Whenever the visitor click on the download link, fetch Visitors IP ($fetched_IP) by either POST or GET method. Also fetch the Link ($URL) visitor has clicked.
-Query the database [eg: Select DB_IP,LASTLINK from database WHERE DB_IP=$fetched_IP.....]
-If RowCount>0, then IP($fetched_IP) exists in database. Check the Last Link visited by the $fetched_IP.
-If LASTLINK!=$URL, then allow him download the content from $URL.Update the LAST_LINK column in database table by $URL.
-If rowcount==0,(New User) Insert a row that contains DB_IP=$fetched_IP(Visitor IP) and LAST_LINK=$URL.
An easy was is to use a hash table (associative array). When they satisfy the criteria to access the file, add an entry to the hash table using the the unique url as the key and the document path as the value. Save it to the session. When they access the url the page checks to see if the url is in the hash table. If it is, remove the url from the hash table and stream the file. If you wanted to allow multiple uses, you could store a countdown variable along with the url, that will decrement with every access and only delete the url from the hash table when the count is zero.

How to count how many people read an article

I am programming a Blog. I am interested how to add a counter to the side to see how many people read the different articles.
I understood that if you have a Website counter, than you would normally save the IP and the Date in the database so you only count the person once.
But how would I make sure that a person reading a specific article is only counted once for that article?
The database would turn very big if I would save each Visitor IP for each Article. It came now into my mind to maybe create a Session for every Visitor. Within this Session I save each ArticleID the Person read. So before I update the counter in the database, I check if it already exists in Session - if not increment counter and save in Session otherwise dont.
Is this the right approach or is there another way to do it?
It depends on which data you want to save. You can save:
Number of hits (count all people/bots/... who opened the pages), this makes fake impression of readers, because doing a refresh will count me twice.
Number of unique visitors, create a session for the user. and increment the counter only once in the session. This can be improved by setting permanent cookie, but looks like overkill for me. and by the way, I can open the article and don't read it!
Number of people interact with the article. You can put some javascript capture (mouse scrolling, clicks on article text, ...) , split text into parts with "read more" ... etc.
If I were you, I will name it "number of views", and use solution 2. And combine this with google analytics (or similar solution) to know more details about visitors.
Google analytics is better way
But if you want to do it by programming then follow the steps.
i) In your table from the data of particular article comes just add one column no_of_view or whatever you want to give..
ii) In the starting of page write down the code of php for ::
from the url you can get the id of current article.
then from select query get the value of column no_of_view for particular ID (article)
then fire a query for update that record for no_of_view column with +1
If you want to get that more accurate then add ipaddress column and date also....
I prefer to use Google Analitycs API for such tasks. It' hard to implement for the first time - but once made it will help you on any project.
You can read here - http://code.google.com/intl/en/apis/analytics/docs/gdata/home.html
I would set a cookie on the user's browser and send it to the server. If the cookie is new, it's a new user reading the article for the first time.
I think, you can execute an ajax function, when user click on article to update column in database table field name 'number_of_click' as per article id and other relevant reference
and show it by simple query 'SELECT no_of_click FROM article WHERE id='{$individual_article_id} ....'';

How to do a registration confirmation email which will expires within 24 hr

I have a php registration form but now I want to create a registration confirm email which will send to provided email and expires within 24 hr. and when that link is clicked then registration will be confirmed.
Please anybody help and provide some code.
Thanks in advance.
The idea that's generally used is as follow :
When generating / sending the mail, you include in it a unique identifier (random, hard to guess) -- that identifier is in the link the user has to click on
This means thins link will look like http://www.yoursite.com/validate.php?id=HQGETBDC
At the same time, you record a piece of data in your database, with :
the user's to which the mail has been sent
the unique identifier (to be able to find this record)
the current date / time
when the user clicks the link, he'll visit a page on your server
that page will use the unique identifier (present in the link), to find the relevant record in the database
if that record is more that 24 hours old, the user will not be allowed to validate his account.
In addition, you'll probably want to code something to remove old entries (more than 24 hours and not validated) from your database -- using a cronjob, for instance.
You can store a list of email addresses, confirmation codes, and dates they were sent in a database. When the user tries to run the confirmation you check if the current time is less than 24 hours ago.
Once a day or once a week you run an automated script to delete stale entries.
If you don't use a database you can also use a bunch of text files as an "ad-hoc" database.
Supposing the e-mail only sends a link to an activation page with a key (/activate.php?key=14315515151...), then it is as easy as blacklisting/disabling the key.
If you explained better how your activation system works, it would result in a more precise answeer.
For email verification, you want to provide a token. And since you store that in the database, just save the expiry time too:
db("INSERT INTO confirmtoken ...", $confirm_token, time()+24*3600);
The time()+24*3600 represents a timestamp 24 hours from then.
When the user clicks your confirmation link ../confirm?token=3281nfakjnih98 then simply check if the time hasn't passed:
db("SELECT * FROM confirmtokens WHERE id=? AND maxtime<UNIX_TIMESTAMP()");
These are the steps you need to follow
On registration create a new user and set his status as pending (or similar). Also create a hash to uniquely identify the user. Remember to have a created (or similar) column
Send out a mail with a link that points to your confirmation page. You just need the hash as the identifier
When the user clicks the hash, you can compare the current time with the created column and check whether it falls withing your date range (24 hours)
Normally you would enter a line in a database which has the uid attached to the registration with the date/time it was sent, and a clean up that runs every so often, depending on how busy you expect the site to be.
Therefore, if the link is clicked before 24 hours is up, then its removed and the registration complete, if not, after 24 hours even if the clean up hasnt run its then removed and the user told its expired, if its cleaned up, its already expired and the user can be told it cant be found, this could be because more than 24 hours has elapsed.

Controlling Access for Trial Subscription

I've been tasked to build a system that allows someone in our company to send out an email with a link to a pdf file that will be kept on our webserver. The recipient can follow the link to view a newsletter we normally sell. The idea is we do this for three months, then see if they'd like to continue and pay for the full subscription.
I've got the registration portion built, but I'm trying to find the best solution for sending the email. Here's what I've thought of, but am interested if anyone else has something better..
1) When emailing, generate a generic code that gets appended to the URL. The use would follow the url, and it would check our DB for "ok" entries and pass/fail them access. This seems ok, but a link could be passed around or even loaded to a public site where anyone could access.
2) To extend the above, I thought maybe I'd have a "one time click" kind of thing where once I know the link was clicked, it could expire, so any subsequent clicks fail. The downside is if they click to view and close their window, they're done. Likewise, if they click and their computer crashes before download completes, they'd be locked out as well. I don't know if there's a way (in PHP for me) to confirm a file download has completed...
3) I could put the files in a directory like /trials/201009/r#nDomstr1n6.pdf where the file is uploaded and the name for the link is random so it would be hard to guess. Then I could use .htaccess to protect each month's folder with a different password. This could get tedious and would be annoying for users most likely.
We don't want to force them to manage their own passwords b/c having to login and remember yet another account may discourage participation.
Thanks for any ideas or pointers.
D.
I'd say do it with a random code for authentication per email address, and expire that after 5 days. If you limit access to the ip that first hit the url hash, that could work too but could iconvenience legitimate users/customers.
In any case make it easy for legitimate users to request a new authentication code if needed. That way even if any of your limitations inconvenience one of your potential customers, they will not be as ticked off about it.
Finally, consider that if they like the pdf and want to share it, they will probably just share the pdf itself right away and not bother with a link.
First off, realize that there is only so much you can do here on your end. You are allowing users to download a PDF, after which they can do with it what they please (legally or otherwise). So, preventing passing around the link is not necessarily going to prevent people from sharing or posting the PDF itself.
That said, if you do want to make it a little harder, you could do a variation of your suggestion #2 in which you institute a time delay of some kind before the link expires after it is clicked. You could also limit the number of times the link will serve the file. Because people have a variety of connection speeds, and because I do not know how large your PDFs are, I cannot say for sure what the time delay should be if you choose to use it.
Like I said, though, if someone is determined to share the file, they can easily do so.
Another possibility is that since you already know the persons email address, form a specific url for them in their email link.
So a user would click a link http://www.yourdomain.com/download_pdf.php?email=person#test.com
Keep a table with the following data for the email addresses.
id
email_addr
read_date
expire_date
When they click the link check to see if they've read it before and if they have check it hasn't expired. If it hasn't, serve the pdf to them, if it has give them a page that says "Sorry, your trial has expired../"
If its their first time clicking it then set the read_date and calculate the expiry date and set that.
Or optionally you could generate a hash or something and use the hash to id the user instead of their email address.
You could also set up a download column int he table and stop them from downloading it more than twenty times or something by incrementing the download column every time they click the link.

how to handle online status. guest, users etc

Whats the best way to keep track of how many users and guests are online? Im making a forum for fun and learning
Right Now I have a 2 fields in the users table called is_online and last_access_time.
If current time is 5 minutes or more than last_access_time i set is_online it to zero. And if the signed in user refreshes browser i set it to 1.
But what about guests? I wanna keep track on how many guests are on also
Another thing that would be really cool is to show what page the user is viewing. and on the page, forum thread for example, 5 guests, Homer and Shomer are viewing this page. But how should i structure this? Hmm maybe i should make another question for that.
i dont know what i should do
What do you suggest?
I'd use cookies for this. Set a cookie when the user enters (checking first to make sure one doesnt exist). Easy way to generate a unique id for that user is to hash their IP plus the current time.
$id = md5($_SERVER['REMOTE_ADDR'] . time());
Store that id in your database and use that to reference
You can check what page they are viewing by grabbing either $_SERVER['PHP_SELF'] or $_SERVER['REQUEST_URI'] near the top of your php source. Store that in the table. I'd take a look at php.net's explanation of whats stored in the _SERVER global, as it should help out quite a bit if you find that you need more then just the document they are on (ex index.php). Found here.
You may need to pull apart of the query string that was used to access that page, parse out the variables to determine the page they are requesting. Either way, this could all be done through cookies, or just use a single cookie to store the unique id and use your table for storing everything else.
You cannot know for certain which page a user is viewing, but you can keep track of which page they last viewed. Every time you deliver a page to a user, record that page's path in a database row associated with them. Voila.
To keep the number of guests, I suggest tracking the number of distinct unauthenticated IP/HTTP-User-Agent combinations seen on a certain page in the last X minutes.
I found this article on Web Monkey that might help you.
http://www.webmonkey.com/2010/02/how_many_users_are_on_your_site_right_now/

Categories