I need to make sure users don't go to the download page unless they fill out the form on the register page. I need help inserting a session variable into the submission script, something like
$_POST['authenticated'] = 'yes';
Then on the download page require this:
<?php
session_start();
if($_SESSION['authenticated'] !== 'yes') {
header("Location: http://domain.com/default.php");
};
?>
I need to make them successfully fill out the form - then add it to the session - then once on the page - purge the session info but don't know how
I need a push in the right direction on how to require the form to be filled out in order to get to download page.
EDIT
on purchase-registration.php (form) I added this
$authReq=$_SESSION['authReq']=rand(1,65535);
and in the form(s) on that page I added this
<input type='hidden' name='authreq' value='<?PHP=$authReq?>'>
In the processor script (form submit) I added this:
"$authReq = $_POST["authReq"];"
and on the final page, the download-software.php which Im trying to restrict access to I added this
<?php
session_start();
if($_SESSION['authReq']==$_POST['authReq']) {
header("Location: http://kinetick.com/V3/download-free.php");
};
?>
no joy, is this incorrect?
thx
The way I usually handle that is:
on the page that renders the form:
$authReq=$_SESSION['authReq']=rand(1,65535);
on the form:
<input type='hidden' name='authreq' value='<?PHP=$authReq?>'>
and on the submitted page
if($_SESSION['authReq']==$_POST['authReq'])....
Related
I have a form where the user will input a bunch of data. It is set up like this:
<form action="add.php" method="post">
This makes it so that when I click my submit button it will go to the add.php page. add.php however is a blank page because it only runs some SQL queries and does nothing else.
I want it so that when I click submit, the information is sent one place and the screen goes to another. My button is set up like this:
<input type="submit" value="Submit">
Just to make sure I am explaining the issue correctly, when I click submit I want the data from the form to go to add.php, and the browser to display a different page rather than displaying the add.php page, which is what it is doing right now.
The solution is easy, send data to add.php, in the end of your process. redirect to another page, let's say page.php
on your add.php
<?php
/// do you mysql stuffs here
header('Location: page.php');
?>
Here is two solutions :
Asynchronous solution
Use Javascript and ajax to send the data to add.php asynchronously and redirect the user to the page you want.
This solution might be not a good one, because the process result of add.php is ignored (if you redirect the user before getting the result)
Synchronous solution
Redirect the user to add.php, then, redirect the user to the page you want at the end of the process.
After your SQL Queries are done on add.php you can use the header function and pass your data via get-method:
header("Location: nextSite.php?key=value"); //Replace key and value with whatever you want
we can use a session or cookie in PHP.
Session:
//On page 1
$_SESSION['name'] = $formvariable; // You can use document.getElementById('form input
name')
//On page 2
$var_value = $_SESSION['name'];
Using include method
//On page 1
This page has a form without submit button
//On page 2
This page has a submit button
so we include page 1 something like this.
EX:
vars.php
<?php
$color = 'green';
$fruit = 'apple';
?>
test.php
<?php
echo "A $color $fruit"; // A
include 'vars.php';
echo "A $color $fruit"; // A green apple
?>
I hope this will help you to solve your issue- thanks!
I am making a page that has a bunch of fields that allows the user to enter in information and submit it to a database. This page is called 'add.php' I created a 'form' tag and had the information posted to another page called 'process.php' where the information is collected, then inserted into the database. I want the user to know whether it was successful or not, so I was wondering how to tell the user something specific on the 'add.php' page. like "insertion successful!" at the top of the page.
I thought of including the 'process.php' code in 'add.php', then calling the 'add.php' in the action of the form, but the code gets called the first time the page is loaded, which inserts a completely blank entry into the database.
Should I implement some sort of flag that is only set to true after the 'submit' button is clicked? Or is there another way to update the page and tell the user the status of the insertion?
I can paste the relevant code as needed. :)
Thanks!
Assuming that you are using the post method in your form and php, you can simply check if a post was made:
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
// form was posted, process and display output
}
else
{
// nothing was posted, normal get request, show form
}
just check if query worked well. If no exception was thrown, it mostly has, and the add appropriate message with output.
First you need to check and handle errors
try
{
}
catch(Exception $e){
header('Location:oldlocation.php?succ=0')
exit();
}
header('Location:oldlocation.php?succ=0')
exit();
If all goes well, you can also redirect to a new location(as shown in code). This has to be done properly, you may redirect back to the old location, with additional data like
oldlocation.php?succ=1;
If anything goes wrong redirect to
oldlocation.php?succ=0
Then fetch the succ using $_GET["succ"] and print appropriate message.
If you din get, comment.
Here's what I would do...
Keep your processing data in one file, and include the form file at the end
//add.php
//if the form is submitted make the database entry
if(isset($_POST['foo']) AND $_POST['foo'] != '')
{
//code to process form submission
$success = 'success!';
}
//include the form
include addform.php
in addform.php put your form. Include an 'isset' that is watching for $success to alert that the entry was successful
//addform.php
<?php if(isset($success)){ echo "<h2> Data successfully entered! </h2>";} ?>
<form action='' method='POST'>
<input type='text' name='foo' />
//etc
</form>
So once you submit the form, the code starts at the top of add.php - the 'isset' sees the $_POST submission, runs the form submission code and sets the success variable. Then, it includes the form page. The form page has an 'isset' that is watching for the success variable. When you first navigate to the page, or if you refresh, the add.php code will skip the first code block (the form submission stuff) and won't make a database submission or set the success variable.
I have a questionnaire in a form. In the end of it the submit button is pressed that is supposed to call a .php file that inserts data into a database through its action information and afterwards show the last page that contains something like "thank you for participating etc." via the onsubmit info.
problem is that the last page is shown before the .php file is shown which means it is visible only for like half a second and then the php script is carried out which ends up showing a blank page.
The php script works it inserts data into the questionnaire correctly so there should be no mistakes syntax-wise.
any ideas if I have to exit the cript or something and return to the .html file or what could be wrong?
on your opening form tag add action="submit.php"
then once it goes to that page when the submit button is hit add this to the bottom of that php page:
header("Location: successfull.html");
IT sounds like what youre doing is showing the message with Javascript via the onsubmit event - this happens before the request is even set to the server and the php script. Youd either need to do an ajax form submission and then display the message when the request completes or make the php script redirect to the success message page when it is done.
But this is all just speculation without seeing any code... you should post some :-)
Why not submit the form to process.php then process it:
if(isset($_POST)){
$name = $_POST['name'];
// etc etc
// if all error checks pass, then echo out - thanks for taking part in our survey!
}
What you're doing is submitting it, and it seems you're getting javascript to say 'thank you' but it is being submitted before this thank you message can be displayed - no harm in echoing this out on your .php page!!
Update
You mention about redirecting to a page afterwards, but this can be done by:
header("Location: where/to/go.php");
exit;
But you can't do this with the above (echoing out a success) since it will redirect straight away.
The way I deal with this is putting the html contents into the php file.
<?php
if (!isset($_POST["submit"])) { // if page is not submitted to itself echo the form
?>
<html>
<head>
<title>survey</title>
</head>
<body>
<form method="post" action="<?php echo $PHP_SELF;?>">
...... (your form) ......
<input type="submit" value="submit" name="submit"><br />
</form><br />
</body>
</html>
<?
}
else {
$db = new PDO('...');
$db->exec(...);
echo "Thank you!";
}
?>
A few ways you could accomplish that.
You could make the php file it submits send out the data for the "thank you for participating" page (if you're fine with simply going to another page).
Alternatively, if you want to stay on the same page but just show the "thank you" notification, I would use JavaScript to disable the default action (e.preventDefault(); in the event handler) for the "submit" button on the forum, then also use JavaScript to use AJAX to submit the data.
An example (using JQuery), which won't change your page and perform the submit in the background, and display the "thank you" when done, on the current page.
$("a#confirmSubmit").click(function(e) {
e.preventDefault(); // Prevents the submit button from changing pages
data = {
Name: $("input#Name").attr("value")
// Add other data here also
};
$.post("/page/to/submit/to.php", data, function(d) {
//Write the code here to show the "thank you" notification.
//It will show upon completion here.
});
});
If you want to check for errors with inserting into the DB, you could check the value of the data of the AJAX call, to conditionally show the error. You can then return the user to the exact same form they were already on, with all the data still there, and show them an error message.
This is my code for my submit button. Once data submitted to mysql i want it to redirect to page.html.
<form name="gender."; action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
I have added
<?php
header("location:page.html");
exit; }
<?
to the very top of my form page. However it just loads page.html rather loading after submit button is clicked.
1) Please don't use PHP_SELF, it is vulnerable to exploitation. If you want the action to be the same page, just leave it empty.
2) The header(), which I assume is at the top of the page since it works, has no control on it.
EDIT1: Expanding based on question in comment below.
3) The header() directive will forward the browser to the new page and stop any further processing. Because of this, all the MySQL processing should be complete before redirecting.
4) The $_POST array gets the key names from the name attribute of the inputs, so be sure that your <input type="submit" name="submitbtn" ... matches the $_POST['submitbtn']
<?php
if(isset($_POST['submit'])){
// MySQL stuff goes here
header("Location: page.html");
exit;
}
?>
you'll have to add the condition before header to check if data is submitted or not.
eg:
if(isset($_POST['btnname'])
{header("location:page.html");
exit; // this is unnecessary
}
Also, if you want to use form for submission, you'll need to post it on page.php.
as this code will redirect the page without saving the form's data anywhere.
My main suspect is that your PHP is set up to suppress warnings and errors. Turn them on in the php.ini file and see what the message is.
Most likely it will say something along the line like "html headers cannot be sent as there is already output in line so and so..."
The PHP hear function cannot work if there is any output already echoed from the page.
<?php
ob_start();
error_reporting(E_ALL & ~E_NOTICE);
if(isset($_POST['button'])){
header('Location:page.html');
exit;
}
?>
Can you modify the code like this ?
I have the following code on my site (using php and smarty) to try and avoid a form resubmitting when I hit f5:
if ($this->bln_added == false) {
if (isset($_POST['submit'])) {
$this->obj_site->obj_smarty->assign('title', $_POST['tas_heading']);
$this->obj_site->obj_smarty->assign('desc', $_POST['tas_description']);
}
} else {
$this->obj_site->obj_smarty->assign('title', '');
$this->obj_site->obj_smarty->assign('desc', '');
unset($_POST);
}
bln_added is false by default, but changes to true once the form is successfully submitted. The smarty variables title and desc are used in the template to keep the form content there in case there is a user error and they need to change what they entered.
If the form is submitted successfully it sets bln_added = true, so the second bit of code should not only clear the form fields, but also empty $_POST. But if I press f5 the post data is still there.
Any ideas?
Your method could work in theory, but there's a much easier way.
After submitting the form successfully, perform a redirect. It doesn't matter where to, but it'll clear the $_POST.
header('Location: http://www.example.com/form.php');
In your case, it sounds like you want to redirect to the page you're already on. Append a $_GET parameter to the URL if you want to display a confirmation message.
Hope this helps,
Tom
The solution is a pattern commonly known as Post/Redirect/Get
The best way to handle forms is to use self-submission and a redirect. Something like this:
if (isset($_POST)) {
// Perform your validation and whatever it is you wanted to do
// Perform your redirect
}
// If we get here they didn't submit the form - display it to them.
Using the CodeIgniter framework:
function index() {
$this->load->library('validation');
// Your validation rules
if ($this->form_validation->run()) {
// Perform your database changes via your model
redirect('');
return;
}
// The form didn't validate (or the user hasn't submitted)
$this->load->view('yourview');
}
You can rewrite your form-submit into AJAX-way. If you need to show HTML-content, return it in JSON-format and insert with JavaScript(jQuery for example.)
I solved this (in php) by:
in the form add a unique identifier (id+counter) not based on time() (!!!)
post to a separate file (postform.php) that checked for a session with that unique identifier
a) if session with unique identifier was NOT found: post to the database and fill session with unique identifier
b) if session with unique identifier was found: do nothing
after either 3a/3b redirect to result page with header('Location: http://mydomain.com/mypage')
Result is:
no resubmit actions on either refresh/backbutton and only resubmit warning on double click backbutton (but no resubmit action)
Use Header location after successful post action
header('Location: '.$_SERVER['HTTP_REFERER']);
It works for me if I use either header() or exit() at the end of my code, for example, after I save some data.
The best method I found is using javascript and css. Common php redirection method header('Location: http://www.yourdomain.com/url); will work but It cause warning " Warning: Cannot modify header information - headers already sent" in different frameworks and cms like wordpress, drupal etc. So my suggestion is to follow the below code
echo '<style>body{display:none;}</style>';
echo '<script>window.location.href = "http://www.siteurl.com/mysuccesspage";</script>';
exit;
The style tag is important otherwise the user may feel like page loaded twice. If we use style tag with body display none and then refresh the page , then the user experience will be like same as php header('Location: ....);
I hope this will help :)
the answer you are looking for is this magic one liner:
header('Location: '.$_SERVER['HTTP_REFERER']);
e.g
if(isset['submit']){
//insert database
header('Location: '.$_SERVER['HTTP_REFERER']);
}
Header redirect after post is necessary, but insufficient.
In PHP side after submitting the form successfully, perform a redirect. Eg. header('Location: http://www.example.com/form.php');
But it is not enough. Some users press links twice (doubleclick). A JavaScript is required that would disable submit button after first click.
Try my own one, maybe it isn't best solution (done quickly), but I've test it and it works. Tested on Chrome. Click to see how it looks BR
<?php
session_start(); // Start session
?>
<html>
<head>
<title>
Test
</title>
</head>
<body>
<form name="test" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<input type="text" name="name"><br>
<input type="submit" name="submit" value="Submit Form"><br>
</form>
<?php
if(isset($_POST['submit']))
{
$_SESSION['name'] = $_POST['name']; // Assign $_POST value to $_SESSION variable
header('Location: refresh.php'); // Address of this - reloaded page - in this case similar to PHP_SELF
} else session_destroy(); // kill session, depends on what you want to do / maybe unset() function will be enough
if(isset($_SESSION['name']))
{
$name = $_SESSION['name'];
echo "User Has submitted the form and entered this name : <b> $name </b>";
echo "<br>You can use the following form again to enter a new name.";
}
?>
</body>
</html>