make webpage counters work in redirects - php

I'm writing a php program that redirects user to a page.(something like link shortener)
I want count pages visits without using mysql or etc. so I chose to work with a page counter service like histats but to make these services to work webpage has to be opened by user and a jsp or embeded flash has to be runned in user browser. but my program redirects user to another page that doesn't belongs to me and page on my domain wont be opened!
is there any way to make these counters to work?

You cannot normally force the user to call the counter URL. Especially when you redirect the client via http. You may save the hits in a plain file or any other database.
You should also know that the user maybe blocks the counter with an adblocker when you use a please wait for redirection message. Instat of redirect directly.

Related

PHP Query to Show Alert

I have a drupal website and I am trying to integrate an API of a control panel I am integrating the login of into the drupal site. In the API I must define a logout link mywebsite.com/logout that tells the user he or she has logged out.
However, I want it to go back to the login page and display an alert.
I was hoping there was a way in which I define the logout link in the API as mywebsite.com/login?=logout or something like that.
When the user logs out of the control panel, then it sends the user to mywebsite.com/login?=logout.
I have HTML code I would like to displayed on the page when the URL includes
?=logout. I have the HTML code for the dismissible box that appears on the top of the page already. However, I do not know how to implement it so that it only appears when the URL is mywebsite.com/login?=logout
Thanks!
You can do like.
if(isset($_GET['logout'])){
echo "<script>alert('test');</script>";
}
Hope it helps you.
PHP is a server side language, so, in order to do that, you would need to keep an open connection with every user that visits it. It is not very good idea to do that unless necessary.
Since this is a simple task, PHP can output a simple metacommand in the HTML code, as follows:
<meta http-equiv="refresh" content="300; url=http://www.yourwebsite.com/yourloginscript.php?action=login">
That alone will not do the job though, because if the user navigates back the web page will serve the page normally. No. You also need to make the cookie expire after a certain time this can be done like this:
// get the $username first, it can be store in the SESSION.
setcookie('username', $username, $Logtime)
Remember to set the $Logtime to 300 seconds. Refresh this on every visit to the website, so that the 300 seconds start every time user opens a page. Check the validity of the cookie on every visit to make sure the user is still logged in, With this, you will get the functionality that you want.
Another way to do it, is using:
<meta http-equiv="refresh" content="300; url=http://www.yourwebsite.com/yourloginscript.php?action=logout">
And simply have the script log the user out at that moment, like this:
// Clear the username.
setcookie('username', "", $Logtime)
Be aware that this will not work if the user has somehow disabled HTML forwarding, and there are various ways to disable automatic forwarding.
Even another method to do it would be to jave a timer in Javascript to do the job, and forward to a "logout" URL after the time elapses.
I would personally use a combination of them all just to make sure.

automated copy of all pages with relative paths using php / mysql

I have access to a website that I pay to use that has a really lame user lookup query. The information I need pertaining to users requires me to click each individual name and a modal window pops up with the info in it. I don't manage or own this site so I have no intentions of trying to access their DB directly - I just want to access the info using the (legal) means they allow.
This wouldn't be an issue if I only needed like 10 but I have to do 3200!!!!
I want to download all the info on each user page into a hosted MySQL DB. The website accesses the user pages with a javascript function and the URL looks like this ...
xxxxxxx.com/ModalReport?sharedID=0000&modalType=user
by changing the sharedID and directly using the URL in my browser, I can access each user's page (yay no modal!!!) - HOWEVER it must be running sessions because if I'm not logged in to begin with, I cannot access the page
Is there code or even an app that will access each page using the URL, copy to a db and then increment he shareID + 1 and start over and then stop when it runs out of pages?
thanks!!

How to avoid a login bypass in my webpage by entering URL

I am trying to set up a secure web page at home. I created a login page with HTML and PHP, and it actually works when a user tries http://example.com. However I noticed that if a user enters in the URL http://example.com/documents.html (where documents.html is a page in my website) it get access to the page contents without login in first.
I have been looking for a solution for several weeks without success. I’ve tried to use the .htaccess capabilities of Apache without success, (get same results as above). So if someone could lead me on how to avoid this, that would be great.
This question is very broad. There are many possible solutions. It is going to be very hard to give a best answer.
My personal choice would be to remove HTML pages from the public area of the website and then create a PHP page which checks for permissions based on the requested page. If that is OK, then the PHP page would read the non public HTML page and simply echo out the contents.
This will secure the HTML pages without the need to rename them or alter them in any way. This is often times better because there is usually a reason that you have HTML pages instead of PHP pages. If they are being generated somewhere else it could be very difficult to keep those changes updated too. It will also allow you a chance to add to or modify the output in code before you display it.
One PHP file could be made per HTML page or you could use one PHP file for all pages and use a request variable to choose which HTML page to authorize and display. That is up to you.
As a bonus, this type of system can also be used for any other type of file you'd like to secure but still give (what seems to be) direct access to. To do that, just replace mystaticfile.html with mystaticfile.zip (or whatever) and make sure to send the correct header.
For me I added this code in the start of webpage that should be only accessible of logging in.
<?php
if(isset($_SESSION["username"])) {
//Code to run if logged in
} else {
//This will return the user to login page if the user is not logged in
header("Location: login.php");
}
?>
This will protect the exclusive pages for user page even if the url is manually typed.

Simultaneous redirect to App Store and another page

After having completed an online registration process, I want to check if the user is using an iPhone, and in that case give the option of opening App Store to download the app. Here's what I've coded so far:
In PHP, check $_SERVER['HTTP_USER_AGENT'] for the presence of the substring "iPhone".
If so, output JavaScript code that, before redirecting to the welcome page, offers the possibility of going to App Store using a confirm box.
Redirect to itms-apps://itunes.apple.com/url-to-my-app using window.location = ... in JavaScript.
This works. However, when the user once again opens Safari, the page which I redirected from is still open. This doesn't make any sense in my case. I want to redirect to the welcome page regardless of whether the user chooses to open the App Store. If I try to write another window.location line below the first one to perform a second redirect, Safari simply skips the link to the App Store.
I've considered redirecting from a hidden iframe, placing some kind of timer on the second redirect, experimenting with different combinations of JavaScript and HTTP header redirects and so on. None of the solutions I've thought of so far seems really solid, though. How do I do this if I want it to work gracefully across browsers and versions?
The only way to do this is to use the welcome page itself to do the iTunes redirect.

how to protect php page used by jquery ajax call

I just finished coding my first jquery ajax call page. It calls a php page every 1 or 2 seconds and returns json data.
The page basically displays posts of the message board the user is viewing. There are multiple message boards and some users should not be able to view certain boards, however the same php page is used for the call. It pics out the message using $id that is sent by the ajax script.
My question is how would I protect the php page from being manipulated and opened directly? The user can easily change the board id by opening the file directly and changing the URL. Not to mention the other ways.
If there is no easy way, then I guess I'd have to duplicate the majority of the main page to check if the user has necessary permissions. That would mean more server load since the page is updated every second.
Ajax calls are treated by server in the same way as normal page requests. All the authentication and authorization mechanisms are called before serving the page. To make sure just log off and try to get stuff from your page using AJAX. It should not work if your page requires you to log into the site.
In ajax script you can use $_SESSION too - you can check if current user has privilages to specified ID - if not - just deny access.
Save the permissions in a session and check if that certain flag is present?
If an AJAX call can open the page, so can the user, you cannot rely on definitive technique to protect a page. Rest you can follow what #TheVillageIdiot has said in his answer.

Categories