I am using formmail by tactite to have the info submitted from my form get emailed to me. After the user hits the submit button, it goes to a "Thank You" page that by default just has some text, I'm trying to change that to load up a thank you page that I created and it doesn't work, what am I doing wrong?
Thanks!
Here's what doesn't work:
// MSG_THANKS_PAGE is the default page that's displayed if the
// submission is successful
// Parameters: none
$aMessages[MSG_THANKS_PAGE] = load('http://nimbledesigns.com/kelsie/thankyou.html');
This is what i had there before that DOES work:
$aMessages[MSG_THANKS_PAGE] = 'Thanks!<br /><br />'.
'Go Back'.
'';
Tere is no load() function built into PHP. Most likely what you're looing for is file_get_contents(), which'll retrieve the contents of a file (local or otherwise) as a string.
If that URL points back to your own server, you may want to save yourself a full HTTP round-trip and simply use a local path ... = file_get_contents('/path/to/that/thank/you/file.html').
File_get_Contents()
use
$aMessages[MSG_THANKS_PAGE] = file_get_contents('http://nimbledesigns.com/kelsie/thankyou.html');
instead.
Documentation
file_get_contents() - http://php.net/manual/en/function.file-get-contents.php
Alternatives'
If that file is on your server, then you may only need to do this:
$aMessages[MSG_THANKS_PAGE] = file_get_contents('thankyou.html');
That will stop PHP from using the HTTP stream connector and will use the File IO connector instead, which is going to be faster with less overhead (although the difference may only be viewable when your server is running slowly)
Redirects
You could also redirect them to the page, by issuing this command before you send any data to the browser:
header('Location: thankyou.html');
exit();
This will redirect their browser to the file. Again assuming it resides on your server. You could replace that with a the full address if required http://nimbledesigns.com/kelsie/thankyou.html
As stated earlier, file_get_contents is your best bet. There is no load() function.
But why not just redirect to the page?
It says how to here: http://www.tectite.com/fmhowto/redir.php
(I'm assuming that's the form mailer you're using, and "tactite" was a typo).
haven't used php load for a long time, but isn't it just for xml and returns an object?
is this? http://php.net/manual/en/domdocument.load.php
Related
I need on each page check if cookies are enabled.And use this code.
<?php
setcookie('COOK_CHK',uniqid(),time()+60*60*24);
if(!isset($_COOKIE['COOK_CHK'])){
echo"Cookies are disabled!";
exit;
}
session_start();
?>
However on the first check it gives me false until i don't refresh the page.I include this code in each page so can not redirect every time i load the page as it reduces performance.However i want to use it even if javascript is disabled.Any suggestions?
Can you use javascript? If so, all it takes is a check at the navigator.cookieEnabled variable.
It works in most modern browsers. You can read more about it here: http://www.w3schools.com/jsref/prop_nav_cookieenabled.asp
It's not possible because Cookies are in the browser, and PHP send them when the page has render, so will be available just in the second page.
A possible way to fix this is using javascript.
If you really should do it in PHP, for some crazy reason, send all your request to a main controller and save the state using other method, for example, write a var into a file, then redirect and in the next redirections you'll know if the cookies are enabled without needed any other redirection. Example:
$file = 'cookie_fake_'.$userIP;
if( !isset($_COOKIE['COOK_CHK']) && !file_exists($file) ){
file_put_contents($file, 'dummy');
setcookie('COOK_CHK',uniqid(),time()+60*60*24);
header('Location:/');
exit;
}
if(!isset($_COOKIE['COOK_CHK'])){
setcookie('COOK_CHK',uniqid(),time()+60*60*24);
echo"Cookies are disabled!";
exit;
}
Then you should write something to clean old files every hour or so, of course you can use a cache layer or a database or anything like that instead of writing a file.
Edit: The previous code will be really f** up if the user enables cookies and refresh the page, now I've fixed so it works at the second time it refresh. Not perfect but... You really should do this using javascript.
Cheers.
I am having issues with the code to access a remote website server2 from another website server1. The code I use from inside the server2 to log in is the following code:
require_once("http://server2.com/access/models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}
//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: http://server2.com/access/account.php"); die(); }
On server2 it looks like I can not use require_once() because the page does not pass and when I use include() then prevent the user visiting does not pass. I think I am missing a code like cURL or path. Can anybody post the code to call my server2 from a another remote server1?
You can't include/require PHP pages from another server because those php-files are getting parsed. You will end up getting the parsed HTML code or non at all if your config.php meets minimum safety standards. You'd have to open it differently but be aware that if you can open config.php in an easy way remotely, everyone else can too...
I suggest not to use include at all but try a different approach: for example via a php script on that second server that returns you plain text like:
login|logout
ok|error
id_Paul23
pwHash_asdf02302afbd33
the second items after the | represent an alternative response if you have an erroneus login attempt. Your user sends the login-data to your script on server 1 which attempts a login-try on that special script on server 2 which returns the result above and you can then do whatever you want on server 1.
Or better: send/receive the data in a standardized format like JSON. You already have functions in PHP for that: json_encode() and json_decode() to parse your data.
Here is an example on how you could do this on a larger scale: http://www.jasny.net/articles/simple-single-sign-on-for-php/
This article will help you send the request to server2: How do I send a POST request with PHP?
My web hosting provider does not permit to use curl FOLLOWLOCATION option so I'm trying to
do it manually by using the header function.
My problem is that I need to keep my PHP script running and to be able to get the redirected URL data for parsing.
How do I do that?
Technically the PHP script continues running after the header () function is called. How you get URL data is another question. Can you not use get_file_contents () or readfile () on the URL?
You read the RAW data the request returns, you check for the redirect header(s), fetch the related URL(s) and do a new get with that URL (dry, rinse, repeat). As simple as that...
Alternatively you could stop being so lazy, check the curl_setopt documentation in the PHP reference manual and find solutions - by reading the comments at the bottom of the page - on how to solve this problem of course.
I have a flash upload script, that uses a .php file as the processor. I need the processor file to set a cookie with a gallery ID that was created by php script, and pass it on to the confirmation page. Except when Flash runs the php file... it doesnt set the cookie. It does set the session variable, which was good enough, but now Im using lighttpd for the site (including the confirmation page) and apache for the actual uploader processor script (because lighttps sucks at uploading large files), so the session vars don't get transferred between the 2 server software.
How can I transfer a variable from the php processor (running on apache) to a confirmation page running lighttpd?
Well I would assume that it doesn't set a cookie as it was called by a flash script not a browser, and cookies are stored by the browser.
The only ways I can think of are a mysql database, or simply a text file.
Just thought of a second solution which is probably less efficient than Nico's but may be better suited to you. If the cookie being sent to Flash isn't being sent to the browser also, you could use Flash's ExternalInterface class to pass the contents of the cookie to a javascript function which would set the cookie in the browser. Or you could call a javascript function which will make an AJAX call to fetch the contents of the cookie.
Not sure if we're doing the same thing, but I had a similar problem, not being able to set a cookie from a php script run through flash. However I later realized it failed because I was missing arguments.
flash.swf:
sendToURL('script.php?val=dataFromFlash');
script.php:
//setcookie('flashData', $_GET['val']); //this did not work
setcookie('flashData', $_GET['val'], '0', '/'); //this worked
The PHP manual says that only the name argument is required, but I had to specify the expire and date arguments to get this to work. Perhaps this is because, as Nico's answer indicates, it is not sent through a browser? Anyway, hope this helps.
here find best solution for store all upload images data in flex with php script
$array = array();
$array["large_filename"] = $image_file_name;
$array["large_path"] = DIR_WS_IMAGES_TEMPIMAGES . $image_file_name;
$setcookie = serialize($array); setcookie( "ImageCookie",
$setcookie, time()+(60*60*24*15) );
one of my php page returns data like this:
<?php
//...
echo "json string";
?>
but someone else use file_get_contents() to get my data and use in other website.
can anybody tell me what can i do to prevent such thing happen.
i consider if i can get the request's domain name to echo something else.but i dont know
the function to get request's domain name.and if the request is sent by a server,that
will be unhelpful. My English is poor, to express doubts, please bear with.
you can also use sessions. if somewhere in your application, before the user gets the json data, you start a session, then in this page where you are outputting json data, you can check for the session variable. this way only users that have passed the session generator page, can view your output.
suppose you have page A.php that generates the session. use this code before outputting anything in this page.
session_start();
$_SESSION['approvedForJson'] = true;
then in your page where you are outputting json data, before outputting anything, call session_start() again. the beginning of your PHP code is a good place to call it.
then before outputting the json data, check if the session variable for approved users exists, or not.
if ( isset($_SESSION['approvedForJson']) && $_SESSION['approvedForJson'] ) {
echo "json data";
} else {
// bad request
}
You can use $_SERVER['REMOTE_ADDR'] to get the address of the client address. You can also check $_SERVER['HTTP_REFERER'] and block external requests that way, but it's less reliable. There's probably a few other techniques involving $_SERVER that you can try.
Your fighting an uphill battle here. I am assuming your serverside process that responds in json is being consumed via javascript in your users browsers... so there is no easy way to encrypt it. You might try some of the techniques used to prevent xspf (see http://en.wikipedia.org/wiki/Cross-site_request_forgery ). If you developed the client to pass along some session token that is uniq per client you could reduce some of the problem. But, chances are whoever is stealing your data is gonna figure out whatever mechanism you put in place ... assuming this is some sort of ajax type thing. If its a server-server thing then as sli mentions, setting up some restrictions based on the remote ip would help, plus setting up some sort of API authentication tokens would help even more (see oauth for some pointers)
You could also using .htaccess with apache block every external request to the page if it get's called internally or block every request that is not from your domain:
Google search thingie
EDIT
You could also use some php file which includes the file which can not be read. So for example you have file.php:
<?php
$allowedFiles[] = 'somefile.php';
$allowedFiles[] = 'someotherFile.php';
$allowedFiles[] = 'jsonReturnFile.php';
if(in_array($_GET['file'], $allowedFiles)){
include( "include/".$_GET['file'] );
}
?>
Then you can allow file_ get _contents() on that file and write a rewriteRule in your .htacces to disallow any request to the include/ folder.
RewriteRule include* - [F,NC]
That will return a 403 forbidden error for a request to that directory or any file in the directory.
Then you can do you JSON request to something like: file.php?file=jsonReturnFile.php&someothherParamReadByJsonFile=1
And when someone tries to get the file contents for the JSON file they will get the forbidden error, and getting the file contents for the include.php won't return anything usefull.