I need to hide or show a div that have a slideshow inside.
The idea is to give to the users a link for them to hide or show the div.
At the moment I call the slideshow on the body of the page with <?php include('slideshow.php'); ?>
After the user clicks on the link to hide/show the div I will like to call a second file (
<?php include('no-slideshow.php'); ?> ) which contain a diferent div.
As far as I had found there is no way to achieve this with sessions, or at least I did't find a solution to this problem.
My guess is that this need to be done with cookies, but I don't understend how.
If you don't want to use JavaScript only way to achieve that is to use link (requires page to be reloaded).
This is basic logic only, not a complete solution, but think you'll get the point.
Create a link on web page to the server-side script.
hide/show
Create script togle_visibility.php to process user's request.
<?php
$hidediv = isset($_COOKIE['hide_div']) && ($_COOKIE['hide_div'] == 'hide');
$cookie_value = !$hidediv ? 'hide' : 'show';
setcookie('hide_div', $cookie_value, time()+32000000); // cookie expires after year
header('location: http://www.mysite.com/index.php');
?>
All you need now (after return to original page) is to check value stored in cookie and decide do you want od not to show that div to do user.
<?php
... more code
$hidediv = isset($_COOKIE['hide_div']) && ($_COOKIE['hide_div'] == 'hide');
if ($hidediv) {
include('no-slideshow.php');
}
else {
include('slideshow.php');
}
... more code
?>
EDIT: $hidediv condition.
It works if user has JavaScript disabled but doesn't work if cookies has been disabled in browser settings.
I did not check this code, so same typos are possible.
I am not sure I understood. You want to hide div once user cliks on a link?
Why are you not doing this using javascript? (hide/show the divs?)
This command will set a cookie named include with value what to include.
setcookie('include', 'what to include', time()+86400);
You can check this cookie before include like this:
if (isset($_COOKIE['include'])) {
include($_COOKIE['include'] . '.php');
} else {
include('slideshow.php');
}
Note: because cookies can be easily faked you'll need to check twice what to include.
Related
I am working on pages which are secured so no-one can link to that page using this:
Code below is called inside a loop.
$gentok = uniqid();
if(isset($_GET["action"]) && $_GET["action"] == "clean_$gentok") {
// stuff
}
Then, I have this to call the URL:
Clean this and that
But when clicking the link, the page refreshes and the uniqid() has already changed.
How can I make it so the uniqid() is still the same after the page refresh? I'm open for any changes or better ideas you may have.
Thank you!
Posting this as a community wiki since I've nothing to gain from this.
My suggestion in comments about using a nonce brought the OP to use the WordPress version of a nonce as their solution.
Reference:
https://codex.wordpress.org/WordPress_Nonces
Sidenote: To be honest, I was not aware that WordPress had one and found that reference link on the Internet.
My original reference:
How to create and use nonces
Additional reference:
Wiki page: http://en.wikipedia.org/wiki/Cryptographic_nonce
Use session for this. Put your unique ID in session array
session_start();
$_SESSION['gentok'] = uniqid();
if (isset($_GET["action"]) && $_GET["action"] == "clean_" . $_SESSION['gentok']) {
// stuff
}
In your display
session_start();
Clean this and that
When you creating a session set a value so every time that page loads it will check is your session for the value. Else you will redirect......you would put the code on top. If($_SESSION['sesname']!=$value]{header location}
You would pit this at the top of the page so it performs the check
OR
If you want a unique name then just put something that people want easily guess and don't link it any where
I want to have a navigation bar that tells the user where they just came from.
Example: Homepage -> Post
But if they are in their posts manager and click on a post, I want it to say
Posts manager -> Post
I read that $_SERVER['HTTP_REFERER'] is not good enough to get the full url so that's not useful as I want the navigation bar all clickable
Any help is much appreciated!
I believe what you want is called breadcrumbs.
What to use for navigation chain storage is actually up to you. You might use even $_SERVER['HTTP_REFERER'] if you want, but that'd be unreliable as it's client-side. Usual way to store such chain is actual URI or session.
For example, you have such URI: http://www.example.com/post_manager/post
Then you can iterate through explode("/", $_SERVER["REQUEST_URI"]) to get each step.
That's basic explanation to guide you to a right direction. You can google alot of samples and snippets using keyword breadcrumbs.
On the topic of saving last visited location (the way to determine wether abonent came from manager or homepage): you can use session's variables to do that. Here's an example:
This way you can set a variable on your homepage:
<?php
session_start();
$_SESSION['previous_location'] = 'homepage';
?>
And then you just access it from another page:
<?php
$previous_location = $_SESSION['previous_location'];
?>
It's important to set session.save_path in your PHP configuration file or your sessions might get lost.
You could do it on the client side if you use the Javascript document.referrer property. However, a better solution may be to use the global session array.
if (!isset($_SESSION['referrer'])) {
$_SESSION['referrer'] = $current_uri;
} else {
$previous_uri = $_SESSION['referrer'];
$_SESSION['referrer'] = $current_uri;
}
The best solution IMO is to save the location into session, every time the user goes to a 'meaningful' page (that you want to be able to navigate back to via this feature), then simply use this array of, say, last 2 visited pages to pull up all the information. Simple and effective.
<?php
session_start();
$_SESSION['user_interactions'][] = $_SERVER['HTTP_REFERER'];
// get previous
$previous_page = end($_SESSION['user_interactions']);
// list all user interactions
foreach($_SESSION['user_interactions'] as $key => $value){
echo $value;
if(count($_SESSION['user_interactions'])-1 != $key) echo ">";
}
?>
I have index.php that include pages like
<?php
define('MyConst', TRUE);
include_once('template/header.php');
if (!empty($_GET['action'])) {
$action = $_GET['action'];
$action = basename($action);
include("template/$action.php");
} else {
include("template/main.php");
}
include_once('template/footer.php');
?>
With in a template directory I have main.php which has link to other pages like page1.php, page2.php.
Goto page 1
Goto page 2
How could I prevent users form accessing pages directly typing "http://mydomain.com/?action=page1" on the URL? And redirect them to main.php if they have done it?
You can not. What you want is simply not possible.
For the server side there is no way to know whether an URL is typed or clicked.
If I understand correctly, the thing you want is to prevent the user to access http://example.org/?action=page1 unless they came from http://example.org/?action=main. To do that, you must be able to detect whether they came from http://example.org/?action=main. The safest way to do that is to generate some random value that you associate to the users when they access http://example.org/?action=main and to check whether there is a correct value associated to the users when they want to access http://example.org/?action=page1. If not, they tried to access that page directly.
Check for HTTP_REFERER and if it is not pointing to right values (like your meny page) then redirect user.
Maybe you can try this, On your index.php :
session_start();
if(! isset($_GET['action']))
{
$_SESSION['pageAccess'] = true; # Set the key whatever you want
}
then under that script (we need that session_start() used twice) :
if(isset($_GET['action']))
{
if(! isset($_SESSION['pageAccess']) || ! $_SESSION['pageAccess'])
exit('There is no direct access allowed.');
}
Hope this help, have a nice day.
As per your Question:
There are two approaches that you can follow:
Use HTTP_REFFRER and check on desired page if User is coming from the page u wanted. IF he is accessing the direct URL then show him error page.
Use $_SESSION but this approach can be harmful as SESSION will always be there untill browser / instance closed.
So better to go for 1st approach.
And also as per Pehaa, you can not check id URL is typed
I have the following PHP script within a file named login.php
<?php
$ref = $_SERVER['HTTP_REFERER'];
if ($ref == 'http://example.com/dir/invalid.php' || $ref == 'http://www.example.com /dir/invalid.php') {
echo '
<div id="invalid">
TESTTESTTESTTESTTESTTESTTESTTEST
</div>
';
}
?>
I have deliberately went to the invalid.php page (which redirects using header() to login.php) and this div does not show up. Does it have something to do with the referrer not really being invalid.php or is there an issue with the script?
Thanks
I don't think the HTTP_REFERER is what you think it is. Namely, it is the page from which the user followed a link to the current page. However, it's very unreliable as we rely on the browser of the user to correctly report this value.
I would suggest the option I thought you needed, except that the only one I can think of you might doesn't really makes sense... (checking if the url matches a url that's not the current script)... so I do not see what you are trying to do.
As promised several ways to do what you want to achieve:
First off, I don't like this solution at all and really consider it ugly, but it's the one closest to what you where trying to do.
invalid.php
require 'login.php'; // we include the file instead of referring to it
login.php
if ($_SERVER['SCRIPT_NAME'] == 'invalid.php')
{
// do whatever
}
The main difference between what you did and what I did for the user will be that here the url bar will show that you're at invalid.php and not somewhere else. This also means that refreshing doesn't make the message go away.
A better solution in my opinion is the following:
In your script that logs a user in (checks the database and everything):
if (!valid_login()) // pseudo-code, obviously
{
$_SESSION['invalid_login'] = true;
header('Location: login.php');
// previously, we had something like this instead of the two lines above:
// header('Location: invalid.php');
}
in login.php
if (isset($_SESSION['invalid_login']) && $_SESSION['invalid_login'])
{
$_SESSION['invalid_login'] = false;
// do whatever
}
Of course, this should be done with proper session facilities like starting up the session in both those files. Instead of using session variables, you could include the file and use normal variables or send GET variables through the header request, but both those solutions share a problem: refreshing doesn't make the message disappear. However, if you were to move the code from the top file of the two above to login.php (if it's not already there, I don't know what file that actually is...) you could once again use normal variables instead of session variables and have a solution in which refreshing does make it go away. In this case, you might argue that you are cluttering your files with bussiness logic and presentation, but there are solutions to that (like keeping it in a separate file, and including it into login.php, moving the html to another file and including that one into login.php or both.
I have a general question about php and mysql.
So currently, I have a form in a html file that on sumbit gets posted to a code.php with some input processing in code.php.
How would I go about generating different pages on submit with mysql and showing them the result from code.php?
So for instance, I have my domain example.com and on submit, it would generate a page example.com/1.php, and after, if I were to refresh the page and hit submit again, it would generate example.com/2.php?
I know my question is very general, just looking for a tutorial, or example to code to follow!
I actually think what you are asking for is something like a step-by-step add process?
So what I write in page 1, page 2 and page 3 firstly wants to be added on page 4?
If that is the case you should read about serialize()-function in PHP.
E.g. on post you could make this:
if( isset($_POST['step1']) )
{
$_SESSION['step1_ok'] = 1;
}
And then use the session for checking if the user comes from the last step. :)
I don't get your point, but to create a file you use fopen.
Not sure the point of this, are you trying to have a form that contains multiple pages?
You could just do that in 1 php page with something like:
<?php
if(isset($_POST['step'])) {
$step = $_POST['step'];
}
else {
$step = 1;
}
if($step == 3) {
//show s3rd page
}
else if($step == 3) {
//show 2nd page
}
else {
//show 1st page
}
?>
If you want the 1.php, 2.php, 3.php,.....
Then you should do something with mod_rewrite to make all those requests to to 'code.php' and then you would do something like above to figure out which of the virtual pages they tried accessing
Generating php code and then saving it as a php file which is then executed opens you up to a lot of security issues.
If your goal is to create the URL as you described for cosmetic reasons, perhaps you should look into mod_rewrite, or something similar.
http://articles.sitepoint.com/article/guide-url-rewriting