If possible i'd need help with a reload thing. I mean i have this query, which gets submitted in one page, there is this profile registration, user enters his name and surname, then he proceeds in the next page entering more specific details. if a user reloads the page i.e 4 times, that's the number of times that the user's information get inserted in the database.
is there any reload function to prevent the submission of the query?
I haven't tried anything, if you would ask me that, because i don't know how to start. the only clue i have is about using ajax, but is there any php way to do this?
Thanks
You should follow the POST-Redirect-GET pattern and ALWAYS redirect after a successful POST:
Without seeing your code, you'll need a redirect like this:
if($inserted){
header('Location: mypage.php?msg=reg_success');
exit;
}
Then, on mypage.php, you could so something like:
if(isset($_GET['msg'])){
switch($_GET['msg']){
case 'reg_success':
echo 'Registration successful!';
break;
}
}
Or, you could create an array for success messages:
$success_messages = array(
'reg_success' => 'Registration successful!',
'logout_success' => 'Logged out!'
);
And then on mypage.php:
if(isset($_GET['msg']) && array_key_exists($_GET['msg'], $success_messages)){
$msg_index = $_GET['msg'];
echo $success_messages[$msg_index];
}
You should record all registration data in session and write them once after user click some "Finish" button.
Then redirect him and clear relavant session data.
By this way you can have any number of stage pages and nothing will be duplicated.
Related
Have a project where a user fills out a succession of forms in a multi-step process. Each of the form screens have a next/back button that does an AJAX call and does a POST to a PHP controller. The PHP Controller then writes the form data to SESSION.
I need to insert a test for a certain state. Let's say the user selects 'California' as a state. If so, then they are taken OUT of the flow and shown another page that is an error/info page. Part of the functionality of this page is that it needs to take the stored Session values and write to a MySQL table (first_name, last_name, email)
So far so good. Part of my confusion is WHERE is the proper place to test for this value. Since we are MVC, I could test for it at the AJAX/JS level, or do the test in the controller. I chose to just test directly after the POST:
// If the customer has chosen CA as a state we must stop process
if ($('#employee_state_origin').val() == 'CA') {
PAGE_STATUS.destination = 'error-page';
}
The code uses PAGE_STATUS.destination as a way to keep track of what page is coming up next, what page is behind, etc. etc. Basically a keep-alive sort of history.
The problem is this. Once I do this test, of course the POST has already happened, and the controller puts the values in SESSION like so:
private function storeUserData(&$posted_data, &$user_input)
{
if ($this->response_body->has_error) {
return;
}
//If we just got data posted from employee entrance and it already exists - we need to reset all the data
if ($posted_data->step === 'employee_entrance' && !empty($_SESSION[SELF::SESSION_KEY][$posted_data->step])) {
$_SESSION[SELF::SESSION_KEY] = array();
}
if ($posted_data->step === 'member_information' || $posted_data->step === 'physician_information') {
$user_input->createCustomObject($posted_data);
$_SESSION[SELF::SESSION_KEY][$posted_data->step][] = $posted_data;
} else {
$_SESSION[SELF::SESSION_KEY][$posted_data->step] = $posted_data;
}
}
After the data is posted and written into SESSION the page redirects and shows the error page. On the error page, I am writing procedural code to dump into a MySQL table.
The issue is when I first start the browser, of course the Session is empty. I go to the form, put in first_name, last_name and email and then hit Next... the Ajax call happens, the POST values are good, the Session gets written....
But after the redirect, on the error page I have to start the session...
session_start();
$first_name = $_SESSION['wonderousBooksProject']['employee_entrance']->employee_first_name;
The problem is $first_name is empty when echo-ing it out as well as the other values. If I go to the page again, and put in different information and then go to the error page again.... it prints out the PREVIOUS ENTRY.
So, it's saving the session information, but my target page will not retrieve the latest entry...it retrieves the one previous.
Anyone have a thought about what is happening. I have used session_destroy() to end session, session_write_close(), and lots of other things, but cannot understand why it writes the session value the first time, shows it as blank, then the next entry is persona non grata and it displays the previous one?
I am trying this page structure to a part of my website but I cannot figure out how.
This is with a logged in user:
On page 1, user clicks button to get themselves to page 2
On page 2, user does OPERATION to get themselves to page 3
Now, I it will become:
On page 1, user clicks button to get themselves to page 3
(as in, the same button that originally got them to page 2 before, but since the user did OPERATION, the button that normally leads them to 2, leads them to 3 permanantly)
Specifically what I need help with is getting page 1 to redirct to page 3 instead of 2 after OPERATION happens. How do I go about this? Probably something using databases I assume?
Here you need to keep track of user's status in $_SESSION superglobal. Let me explain how.
When the user does an operation, records its status in session, like this:
$_SESSION['operation'] = true;
page1.php
if($_SESSION['operation']){
// user has already completed the operation
// redirect the user to page3.php
header("Location: page3.php");
exit();
}else{
// user didn't complete the operation
// redirect the user to page2.php
header("Location: page2.php");
exit();
}
page2.php
// when the user completes the operation, redirect the user to page3.php, like this
header("Location: page3.php");
exit();
Set a session variable to store whether the operation has been
performed.
The link to the button should be set dynamically based on session
variable
In your operation() do the following :
opertation()
{
//some stuff here
$_SESSION['op_done']=true;
}
In the button link
<a href="<?php
if(isset($_SESSION['op_done']) && $_SESSION['op_done'])
{
echo "link_to_page3";
}
else
{
echo "link_to_page2";
}
?>"> Button_Name
</a>
In short, make a dynamic button link which will adjust with your session variable.
I am developing a courier application using PHP and MySQL and I have come across a minor bug. Say, I have a page that adds a new shipment (add.php). Upon filling the details and clicking on "submit" button in the form, addshipment.php is fired which contains the code to add the new shipment to the sql table. If the data is entered successfully, the following code will execute:
header("location:add.php?add=success");
Thus, the add.php page will reload with the URL "add.php?add=success" with an alert box that will say that data has been inserted successfully. That alert box is executed via the following code at the bottom of the page:
if(isset($_GET['add']))
{
switch($_GET['add'])
{
case "invalid":
echo "<script>alert('Please fill all the fields');</script>";
break;
case "fail":
echo "<script>alert('Your data was not inserted successfully');</script>";
break;
case "success":
echo "<script>alert('Your Data was Added Successfully');</script>";
break;
}
}
Works fine but every time I refresh the page I get the same alert box since the URL still contains ?add=success. I wish the add.php page not to contain the values after data insertion but still display the alert message. Any ideas?
Thanks
The common solution for this issue is to store messages in session and remove them once displayed. Many frameworks have appropriate mechasnim included (eg. Zend Framework has FlashMessenger).
You may also create such mechanism on your own, it's pretty simple. The most basic usage may look as follows:
// put any message in $_SESSION['message'] BEFORE redirection
$_SESSION['message'] = 'success';
header("location:add.php");
And then at the bottom of the page:
if(isset($_SESSION['message']))
{
switch($_SESSION['message']) {
case "invalid":
echo "<script>alert('Please fill all the fields');</script>";
break;
case "fail":
echo "<script>alert('Your data was not inserted successfully');</script>";
break;
case "success":
echo "<script>alert('Your Data was Added Successfully');</script>";
break;
}
// do not display this message again
unset($_SESSION['message']);
}
Don't forget to call session_start somewhere at the top of your code.
Replace success in the URL with a message ID.
Store the message in a database, associated with the ID.
After the ID has been requested, generate the page with the alert and then mark the message in the database as seen (or delete it entirely).
If another request for the same ID comes in, don't include the alert (or redirect to the URL with the query string on the end).
We need to use name for submit button. It's need to get values from the form if submit button is click. Then we can check whether we click the submit button.
Assume name of submit button is "submit". Then:
if (isset($_POST[submit]))
{
/* do the form validation and processing here. */
}
This is the way we can check we see this page for the first time or whether we click submit button. URL will not change. Therefore alert message wont pop-up when we refresh the page. Just use $_POST[] instead of $_GET[].
I have two forms for registration. I am saving the first form data in session. The problem is the user can access the second form without filling in the first form.
I want to restrict the user from accessing the second form directly.
You can check in second form that data in session are available or not. If not available then you can redirect him to first form
If you have any query fill free to ask.
So basically what you want is that a user cant acces the form, if there is no session? Correct? Cause if so, its a matter of making an if-else statement.
What i do is when i create the session, i make a session variable, for instance with, for instance the username. Then you retrieve that data on the next page in the second form
$UserName = $_SESSION['Username'];
And then you run an if else statement
if (!isset($_SESSION['Username']) || $_SESSION['Username'] == '')
{ echo "ERROR STATEMENT or Redirect back to first form";}
else
{ echo "your second form";}
Hope this helps you
In a Nutshell: this is a question, about improving the security of sessions in-order to prevent them from session fixation/hijacking
I have a user registration form, login and article posting form.
Now, when user registers, logs in or posts somethings there is always thank you page different for all three. More specifically 'thankyou.php'
The problem is users can access the static thank you page, by typing the url 'site.com/thanks.php'
I don't want this to happen, I want those page to show up only when a specific tasks have been arbitrated.
So, I thought about about making sql query's to see if users has posts for the last 5 seconds and show thank you page, or show 404 but, It's seems unnecessary to create a query just for than one. And, Since I think PHP is flexible if you guys give me an idea I could probable learn something new on the way, on how to achieve this.
You can restrict the page with the $_SERVER['HTTP_REFERER'] (enter link description here) viewing from they are coming to thankyou.php page.
You Can Achieve this by settling the session like this:
if($_SESSION['registration']=="registration")
{
echo "Thank you for registering";
unset($_SESSION['registration']);
}
elsif($_SESSION['login']=="login")
{
echo "Thank you for login";
unset($_SESSION['login']);
}
elseif($_SESSION['post']=="post")
{
echo "Thank you for Post";
unset($_SESSION['post']);
}
else
{
echo "session is not set,something is wrong";
}
So set the values in session on html page like.
$_SESSION['login']="login";
//like for others also