I'm looking to use mod_rewrite to mask user profiles on my site. However, their profiles are decided by their id in the format /profile.php?id=1. Both 'user' and 'id' are in the mySQL table 'users'. Is there a way to reroute the URL to read /user? Sorry if that's badly explained!
RewriteEngine on
RewriteRule ^profile/([^/\.]+)/?$ /profile.php?user=$1 [L]
This will cause all /profile/username to be redirected to profile.php?user=username. You can then check in your PHP:
if (isset($_GET['user'])) {
// Check if the username exists.
// SELECT ... FROM users WHERE username = ..
}
.htaccess will not be able to use the info from the database to do what you desire. Even if it could you shouldn't do it :).
But what you can do is to change the profile.php to be able to read an user by the name. Let's say to make profile.php able to process a new parameter name= and you add logic in it to look in the database either via an id or via the name. If you have this then is actually trivial to route / to /profile.php?name=.
You will also have to change the website generation to output proper urls.
Also look at Cristian's answer for more technical details. It's the same idea in the end.
You wouldnt change this in htaccess, or with any kind of config/rewrite rule. This would be done in your application PHP if I understand what you want.
in /profile.php?id=1 profile.php is (rewrite rules aside) the source PHP file, and id is a GET parameter. Its like an argument to profile.php when it executed. They come in the form source.php?get1=val1?get2=val2.... and you access them through the array $_GET
If you don't want users to see that id, you can do one of two things.
Replace it with user, as you suggest. URL would be 'profile.php?username=XXX'
Then in your code you will presumably need to perform a simple database query to get the id from the user name. Should be about 5 lines towards the top of the code in profile.php and the rest can remain unchanged Beware that this demands unique user names in case you werent before, and some special characters might be a problem with get parameters in the URL? For most user names, uniqueness is required and special characters are not allowed, so hopefully this isnt a problem.
Keep id but make it a POST peremeters. URL would be 'profile.php'
POST parameters are similar to get but they are not visible to the user because they aren part of the URL string. Just switch $_GET to $_POST in profile.php. The code will still identify users by id, but they won't be able to see their IDs.
In either situation you will need to change any incoming links.actions that lead to the descrubed URL that we are changing.
EDIT - Christian's has a good suggestion which is similar to #1 above but would allow for nicer looking URLs like profile/XXX rather than 'profile.php?username=XXX'. Code within profile.php would ne hte same, his changes are in profile.php are the same
Related
I have some php code like following lines of code when clicking on the image it goes to different departments.
Departments.php?DepartmentsID=6?&CampusID=1
which shows in url when click on it.
How I can easily encrpt it so that it doesnot show in url same is the case with downloading some file.
download.php?filename=abc.pdf?
how i can disable or encrpt the code so that i didn't show up in url.
thanks
want to hide varibles that as passing through html link
as far as I understand you want to pass some kind of token as the link and not something readable like the filename or an id to your site to handle the request. (the user only sees tokens and nothing else)
so clicking on a link gives you something like Departments.php?action=907fgash6f8906a6asf6g...
If you want something like that you would need some kind of database to store your tokens so your code knows what to do on a given token.
Or you could use actual encryption which you would have to decrypt and of course keep your key hidden and secure.
I don't understand why you need to do all this. If you can give more insight on why you want to do this there might be a better solution
In your PHP form change or set the method as method = "POST".
You're using the URI as a GET parameter which is where you are receiving such complications. You can choose a more MVC related method to approach this:
www.example.com/6/1
The above example represents the Department ID as 6 and the Campus ID as 1 using a router. I suggest using AltoRouter.
$router = new AltoRouter();
$router->map('GET|POST', '/[i:d]/[i:c]', function($department, $campus) {
echo "Department $department on Campus $campus.";
// Add your code logic
}, 'Name of route');
$router_match = $router->match();
if($router_match && is_callable($router_match['target'])) {
call_user_func_array($router_match['target'], $router_match['params']);
exit();
}
// Some 404 stuff.
This can be used for mutli-mapping meaning you can change the download link to whatever you like, for example just unique file ID's that the end user must know to access it and on top of that, it could be a RBAC file before the download so only X users can download / view certain topics.
This repeats some of the info answered by others:
use POST, this only removes the ability to read the data in query URL but is still in clear text.
Ensure SSL is enabled for transport encryption
Use encryption at the message layer, the actual text itself can be encrypted if you so desire
Extra note, if the data is that sensitive and is stored at REST say in a DB, you may want to encrypt it there as well.
Basically "defense in depth" is the approach, there is never a silver bullet
This question may have been asked before but I couldn;t really find it.
What I want to do is, websites like pastebin.com, even stackoverflow, these generate new webpages based on user input showing that data from what I can understand.
I want to make it like that. User enters something, and he is given a permalink to share that information.
How to do this using PHP ?
EDIT: Here is an example
Like, I want it that
instead of having something like www.example.com/view.php?id=123
I want it like
www.example.com/view/123
This is impossible to be done with PHP, you can do this with .htaccess's url rewriting.
a good article about this can be found at: https://www.addedbytes.com/articles/for-beginners/url-rewriting-for-beginners/
In this site , work some ajax function, when you add some data in textarea and click submit, called function , that saved current data in db, and return some json data , and then show you in some format.
Simply done like this:
Create a index.php containing a input field where the user inputs their data.
Post data to the server and create a random string which will be the users permalink.
Then insert the random string and data into a database.
In the index.php file say that if any uri is added after your domain like example.com/
it checks against the database if this code exists in db, and returns the result to the visitor.
I know two ways for sending an ID to another page:
as URI segment. exemple: http://mypage.com/index.php/ID
as an input field in a form using POST or GET methods.
Is there another way than these tow?
The purpose is to have a list of records. When the user clicks on one of them, s/he gets the full details of the selected record in a different page.
"Is there another way than these two?"
You can store it in $_SESSION too. If that what you are curious about.
But it's not the best way with your current problem.
Simply use GET (www.yourpage.com/records/THEID)
Well, you might consider this to fall under your first option of a URL segment, but "URL segment" usually means some part of the URL before any GET parameters...just to make sure you're aware of this, you can also put in GET parameters in a URL yourself without creating a form.
These days, URI segments like index.php/123 are popular, but traditionally the way to link to a detail page like that was index.php?id=123; then you can access the ID using $_GET['id'].
I am implementing project with LAMP. It is like a simple craiglist. People add their posts deals, etc.
I need a way to let users have their posts URL after they submit (Like Craiglist) so that they can save it and visit later. However I am not sure what is the way of doing this.
Basically I want to show them their posts whenever they visit the url I gave them.
for example: "mywebpage/posts.php?=/user-post-key".
"mywebpage/posts.php?=/user2-post2-key".
Should I have a posts.php file and parse url after '?=' to decide what I am gonna fill page with?
Above example was just my idea, it may not make sense sorry.
Any suggestions would work.
Yes, you need a posts.php file and depending on the parameters passed with the url you may show specific post, for example, if you have a url something like this
mywebpage/posts.php?key=user-post-key
Then you may retrieve the key in your posts.php using something like this
$key = $_GET['key'];
if(!empty($key)) {
// you have a key
}
The url given in your question (mywebpage/posts.php?=/user-post-key) is not in right format. If you pass parameters with url, then it should be like this
http://example.com/somePage.php?param1=value1¶m2=value2
These parameters will be available in the $_GET array and you can retrieve parameters with their corresponding key, for example, to retrieve the value1 in somePage.php file from given url above, you may use
$value1 = $_GET['param1'];
You may also construct a url like this
http://example.com/somePage.php/value1/value2
In this case, you have to do some extra work/mapping but you may use $_GET approach, check this artilce, written about pretty url but you may find more on the internet, also look this article for user input sanitation.
I have a form that a user fills out, which submits information to my mysql database. On submission, my php code creates a url based on form data that was submitted and a unique ID. Rather than having a new webpage populate my web directory based off of the generated url, I would like to point that url to something similar to a "profile" page.
So my php creates a link after a user has submitted the form that looks like this: http://localhost/State=ALCity=SeattleEvent=eventSubject=titleID=135
This link gets stored inside my table along with the data that was submitted by the user. I've read that storing a url inside a table isn't practical, however for my purposes the table data will expire and get deleted within a certain amount of time.
In short, I'd like to be able to have a user click the link which will pull up data that was submitted. Can I grab data from the url to pull that information up for the user? Or will I need to change my setup that's already implemented? I can explain further if needed :)
If I get you right, this is a classic case for the mod_rewrite extension of Apache (since you mentioned .htaccess, I think you use Apache as webserver). With this mod, you can filter parts of the url and send it to your php script as normal $_GET parameters.
You will need something like this in your .htaccess (just out of my mind)
RewriteEngine on
RewriteRule ^State=([a-zA-Z0-9]+)=SeattleEvent=([a-zA-Z0-9]+)=titleID=([0-9]+)$ profile.php?state=$1&event=$2&id=$3
What this is actually doing, is that the Apache checks if the current requested url match the regular expression of this rule. If that is the case, it will call the profile.php and pass the "dynamic" part of the url as $_GET parameter (using the backreferences).
For further information, I recommence the official mod_rewrite documentation, the mod_rewrite guide and this nice tutorial.