PHP Web Application Design Basics - php

I am making a twitter application using PHP. Please excuse me if this question is elementary. In my application, the initial landing page (index.php) contains code for login/oauth. If the user logs in successfully, should I load a new page altogether or simply echo html that renders the user's profile page. For example:
if(login success)
{
load a file that renders selected user's profile page
}
or something like
if(login success)
{
echo html that renders a profile page.
}

If I understand correctly, you're trying to decide what to show the user once they log in. Rather than think what you should show them, what does the user want to do right away? Why do they use your site? If users want to see their profile right off the bat, then do that. If they want to see feed activity, show them that. To start off, you may want to create a simple page that acknowledges they are logged in and give them their major options. Track what users click and see what that tells you. If the vast majority use feature X immediately, then consider loading feature X first. If the users are all over the map, let them pick what they want to do, record it as a preference in their profile, and load that automatically.
In the end, the best thing to show a user when the log in is the first thing they most want to see. :)

I'd recommend looking into the use of some sort of PHP MVC framework.

Related

display a specific page only the 1st time user visite our site

I am working on darskite project in case of crisis. For this project we want to prepare a specific case.
We need to inform the user visiting our website of the crisis (eg : our factory has an electrical failure). We want to show him this specific page of information only during the first time he comes in our website. For the next visits, he must visit our classical homepage.
How can we target and identify a user to redirect him only once to the alert message (when he first logs in)? Are there any solutions like those for retargeting Google or Facebook via cookies? If Yes, what kind of cookie ?
Our website is powered by Drupal 7. Can Drupal handle this case?
Thank you for your ideas.
From the drupal docs:
https://api.drupal.org/api/drupal/modules!user!user.module/function/user_cookie_save/7.x
What you can do is: You first check if a cookie has been set. If not, then you set it. The next time the user visits your site, he/she will have a cookie so the logic gate will be passed.
Here's an example that you can use in your header file in drupal:
if (!isset($_COOKIE['some_descriptive_cookie_name'])) {
user_cookie_save('some_descriptive_cookie_name');
drupal_goto('temp/page/here', [], 307);
}
drupal_goto is documented here: https://api.drupal.org/api/drupal/includes%21common.inc/function/drupal_goto/7.x
Good luck.
There are two approaches:
You can do it using the JavaScript's localstorage
You can do it using PHP's $_SESSION[' ']
Both will follow the same mechanism, when user loads the webpage for the first time, set a variable as true. Now for the next visits check this variable, if it is set to true, don't load the first page and redirect it to your classical page.
Drupal can handle almost everything.
What I would do is to create a boolean private field in the users profile to store if the user already saw that particular page.
Following this approach you can also make reports about how many users have seen that page, or know if a particular user saw that page. Using fields gives you a lot of power in Drupal.
How can you store this value when the user sees the page? Check the rules module and don't forget to active the rules UI so you can configure this action triggered by the mentioned condition.
You can use hook_user_login.
function MODULE_user_login(&$edit, $account) {
// The user has never logged in before.
if ($account->access == 0) {
// Redirect user when first login.
$_GET['destination'] = 'redirect_url';
}
}

Should I use sessions for "LOGINS" on my site?

I have a classifieds website, where anyone (no need for login currently) can post a classified. It is PHP based.
The procedure for posting is currently like this:
click on "New Classified" --->
fill in a form of all information and hit "View classified before publishing it" --->
the form submits to a "verify classifieds" page, where users verify their inputs --->
If everything is okay in the "verify" page, then the user hits OK and the classified is published.
The above procedure isn't exactly optimized. The first page (new_classified) where the form is, is pretty good, but the second page (verify) uses x number of hidden inputs in another form, used to contain the previous pages form inputs.
Now you know how it works on my site.
The issue today is that alot of companies want to publish their classifieds, and alot of classifieds at the same time. This means they have to fill out the form again and again currently.
I am thinking about creating a login, for companies only, so that their information is automatically inputted into the form, so all they would have to do is fill out the specific classified details like "headline" and "description" etc.
How should I do this in my case? Sessions?
This means I will have to create a new MySql table (I use MySql mainly) and store company-profiles there.
So do you think converting to sessions is alot of work? Worth it? More reliable?
I have never used sessions so I wouldn't know.
As a last note, you should know that I use a picture upload tool on the first page of "new_classified". When a user choses a file to upload, the page is automatically *refreshed*, and then the image is displayed on the same page under section "images uploaded". I hope the session wont interfere with this approach.
Thanks
I think it is worth your while to do logins, and even on a very basic level it will help you to identify who is using your site etc.
This is probably a big debate around developers, what is the best way to do a good login system, whether it's basic or not doesn't matter, I think the concepts still stay the same.
In your case I would suggest session cookies along with a login table consisting of user details. This would help you to verify the user on more than one occasion during his/her visit to the site.
A login is checked against a user entry in a table and then a session cookie is created. This session you can choose to never expire also.
You can then on every step check that the user is the user that is supposed to be logged in and get the companies details by checking the username. This would make for a better query in my opinion.
Sessions aren't a lot of work and it's relatively easy to learn.
http://www.php.net/manual/en/book.session.php
http://www.9lessons.info/2010/02/php-login-script-with-encryption.html is a good example of what you can do with this. Have a look around still. There are a bunch of these great tutorials on the web.

PHP Redirector Counter for a link

I need a way to count how many times a link is being clicked and I was thinking of creating a php script to redirect to and do the counting. Is there a better way to do this and how would i count each time the user visits the link and would it be best to save in the database somewhere...any suggestions
Yes, it must be a PHP script - JavaScript for example won't work all the time.
So - instead of a link to
http://some.site.com/page2.php
You would link to
http://some.site.com/redirect.php?page2.php
And in the redirect.php you will track, for example, in a database, the values, and in the end throw this header:
header("Location: http://some.site.com/".$_SERVER["QUERY_STRING"]);
To redirect to the path after ?...
// yeah - logs might work... a little bit more work, though and it is also very server specific.
I would analyze your web log files as this will work whether it's a static page or a script.
If the page you need to count is a script, you could insert code that updates a table.
Website statistics is a big industry and there are many free and pay solutions out there to explore and get ideas from.
If you need to track clicks on a specific link then you'll probably need to use javascript to capture the click and send a notification to a tracking server. If you need to track page views then you're best off looking at your server logs. Remember that a page can have many links pointing to it, you have to differentiate between link clicks events page page impressions. Another possibility, depending on your application, is to use Google tracking, or a similar third party tracking app.

how to display a dialog if user can't download file

dealing with php/html/javascript.
i'm trying to figure out a good/best approach to allowing a user to download a file. i can have the traditional href link, that interfaces with the back end php app to download the file.
however, i want to have the app display some sort of dialog/alert if the user isn't able (basedon acl/permissions) to download the file... does this have to ba an ajax thing, as i don't want to do a page refresh...
thoughts/comments/pointers to code samples are appreciated.
thanks.
-tom
hi... more data/information.
in my test, i send the userID/fileID via the query to the backend php.
the app then confirms the user is the user for the file, and that the user has the rights to access the file. the query data is matched against data in the db for the user/file combination.
so the last/critical check occurs on the back end.
hope this gives a bit more insight into what i'm looking to do/accomplish.
thanks
-tom
AJAX could be a good technology to use if your looking for a work-around for the page not refreshing but it doesn't have to be your only option.
Another option without requiring AJAX, which might be cumbersome depending on how your project is design, is to enable or disable features depending on the user's authentication level.
As a simple example, enable features only related to Administrators and disable Administrator features for normal users.
You don't necessarily have to enable/disable features, you could also decide before the user clicks on links whether or not he/she has rights to do-so.
With more information on how your project is laid out, we can provide more concise answers.
The easiest method would be to return a HTTP response code of 401 ("Unauthorized"). This will cause your web server to display the 401 error page, which you can modify to fit your design.
Or, if you are using AJAX, then you can check for a 401 response code and pop up a nice alert for them without taking them to a different page.

Check when page changed

I'm new here, also a novice programmer, and not really familiar with PHP. I don't even know the name of some of the techniques I used when building my apps. I'm sorry for that, but I'll try to explain the best I can.
So I'm building a web apps with PHP / AJAX right now, and I've got to the point where some users (with their own privilege) have their own home page, which shows notification for them when something new happened in the system. I think I used the "get" method from the url to determine which page is the user in right now.
Here's a simple illustration :
A user with "Staff" privilege logged in, and then redirected to his home page. (http://localhost/apps/staff.php)
He open the notification page, and the url changes to : "http://localhost/apps/staff.php?cmd=notification"
I don't know the name of the technique, but here's how I do it : I get the cmd value using "$_GET['cmd']" and then pass it onto a function that checks what page to display.
The problem is, I want to delete the content of notification table and move it to the history table when the user leave the page so only the newest notification will shows. So I think I need to know when the user leave (move) to another page, or when the cmd value change. My question is, how ?
Ps. I'm still a student on a university so this is my homework. Please just point me on a direction and/or clue rather than write the code for me (and a clue to the name of that "get" technique is welcomed :p). I know I still got a lot to learn, but english is not my native and I've tried google and stackoverflow with no result (I believe it's because of my bad english and not knowing the name of the techniques I used).
Use a cookie to track the status of the notification.
See this thread for more info: Best way to show an admin message to certain users?
You can check if user went to notification (after his default user page) page like this:
if (isset($_GET['cmd']))
{
// delete old notifications
// and move to history table
// show new ones now
}
This checks if query string value cmd is there, he has moved to notification page.

Categories