My first stab at this so please don't laugh! I've created a session variable to allow users to switch between UK and US content on the same site (UK default).
<?php
session_start();
$_SESSION['territory'] = 'UK';
if (isset($_SESSION['territory'])){
echo 'Session is set to '.$_SESSION['territory'];
}
else{
echo 'Session not set yet';
}
?>
All good so far. I now need a couple of links to set this variable when users click either UK or US. All I can Google is setting variables via forms, with nothing helpful about setting via a plain old href. Can anybody steer me in the right direction? Much appreciated.
You can append ?lang=UK to the url, then the $_GET['lang'] variable will be available in your code.
For example:
switch($_GET['lang']) {
case 'UK': case 'US':
$_SESSION['territory'] = $_GET['lang'];
break;
default:
$_SESSION['territory'] = 'UK';
}
if you want to set session variable with help of click of link. You will have to use ajax, when you click on a link you can call a javascript function this function can then in turn make a ajax hit to a php file and then this php file can set the session variable.
Firstly, you can do this with just a cookie (no session necessary).
That being said, just create some links to a uri, say: /set_territory.php?cc=UK
and so forth.
set_territory.php can then set the territory via $_GET['cc'] and redirect the user to the appropriate content.
I had the same problem - i wanted to pass a parameter to another page by clicking a hyperlink and get the value to go to the next page (without using GET because the parameter is stored in the URL).
to those who don't understand why you would want to do this the answer is you dont want the user to see sensitive information or you dont want someone editing the GET.
well after scouring the internet it seemed it wasnt possible to make a normal hyperlink using the POST method.
And then i had a eureka moment!!!!
why not just use CSS to make the submit button look like a normal hyperlink???
...and put the value i want to pass in a hidden field.
i tried it and it works. you can see an exaple here http://paulyouthed.com/test/css-button-that-looks-like-hyperlink.php
the basic code for the form is:
<form enctype="multipart/form-data" action="page-to-pass-to.php" method="post">
<input type="hidden" name="post-variable-name" value="value-you-want-pass" />
<input type="submit" name="whatever" value="text-to-display" id="hyperlink-style-button"/>
</form>
the basic css is:
#hyperlink-style-button{
background:none;
border:0;
color:#666;
text-decoration:underline;
}
#hyperlink-style-button:hover{
background:none;
border:0;
color:#666;
text-decoration:none;
cursor:pointer;
cursor:hand;
}
#hide{visibility:hidden;width:0px;}
Related
I am new to sessions, and think I get the basics of them, they seem to act like containers holding information which you can use on at a later stage and are linked to your UID.
I am wondering how I would save the ID of a page (example ID123) on the click of a button, and what exact code I'd have in the header.
Much appreciated in advance!
EDIT:
This is on wordpress, sorry to add this, each page has an 'event ID' I want this to be stored for use later (at a kind of checkout page) sorry for not adding this!
Saving page ID within $_SESSION
session_start();
$_SESSION['pageId'] = (int) $_GET['ID'];
Now you can use $_SESSION['pageId'] to get its value where you need.
Make sure to put session_start(); at top of your script where you use session-related functions or $_SESSION array.
To unset it when you don't need it anymore, you would do:
unset($_SESSION['pageId']);
session_destroy();
session_regenerate_id();
update
On button click you would do something like this:
var btn = document.getElementById('btnId');
btn.onClick = function() {
window.location = 'saveSession.php?id=xxx' // replace xxx with your id value
};
Now in saveSession.php you wll have to use code like shown above for storing it in session.
You can also use Ajax though.
In wordpress you cannot pass custom url parameters. So you cannot send something like
http://yourwordpresswebsite.com/?custom_param='value'
WOrdpress doesnt allow it. SO if all you want is a Post ID or a Page ID. It is easy to grab in wordpress. Do:
$val= $post->ID
Thats it and $val is set. The way I do if I have to send any custom parameters to a different file is by sending it as a form variable. There might be better ways but I am new to Wordpress and php too. So this is what I do:
<?php
echo "<form action='php_file.php' method='post' name='form_name'>
<input type='hidden' name='eventid' value='$event_id' />
<input type='submit' name='submit' value='submit'/>
</form>";
?>
If you want this to be your session info you can just add it in your php file where you are collecting the above fields.
session_start();
$_SESSION['pageId'] = (int) $_GET['eventid'];
/* Do not forget to check if the get variable is clean before you perform any operations, use mysql_real_escape_string(). It is a very important security measure. */
This might not be the best approach as I told you I am new to wordpress too.
so what I would like to do is have a link on an external website (example: externalsite.com) that will go to mywebsite.com/page.php, and I need to make it so ONLY clicking on the link from externalsite.com will allow you to access mywebsite.com/page.php.
The user cannot simply type it in their browser to get there, how would I go about doing this?
There's not a way to do this in a 100% secure manner. The browser typically sends a Referrer header with each request specifying where the use came from, but this is easily faked.
If possible, I would suggest having the externalsite.com issue a request to an authenticated web service on mywebsite.com for a token which is appended to the link with a reasonably short expiry time (long enough to allow the user to click on the link, but not so long that it can be shared around). Then, when the page on mywebsite.com loads, it should check for a valid token.
Given that no method is 100% secure, I'll show you a very easy, overtly insecure method that will work in any framework because it's pure JavaScript. Keep in mind that this is designed to work only as a general rule and is in no way "hacker proof".
Simply add this script to your mywebsite.com/page.php. It will redirect any request that isn't referred by a page on externalside.com.
var referrer = document.referrer;
referrer = referrer.toLowerCase();
if (referrer.indexOf("/externalsite.com") == -1) && referrer.indexOf(".externalsite.com") == -1) {
window.location.href = "http://mysite.com/accessdenied.php"
} else {
document.findElementById("myBody").style.display = "block";
}
To get around the whole "if you disable JavaScript, this doesn't work, you idiot" dilemma, add id="myBody" style="display: none;" to your page's <body> tag: the page will not be displayed unless JavaScript is enabled and validates the referring URL. Also, I'm not an idiot.
There are several ways to bypass this method: spoof the referring url, use FireBug to remove display: none, view the source of the page and recreate it on your local machine, etc. This method is more of a deterrent than a security feature.
You really can't make it 100% secure, and (probably) definitely not with a link (unless you use JavaScript to submit the form with a link in method 1 below). But there are some ways that might work for you.
Method 1
You could submit a form to the page with a button (and thats it - just the button) and then on the page, check if the correct form was submitted. But this is still not foolproof.
External site:
<form action="http://mywebsite.com/page.php" method="post">
<input type="hidden" name="pagesecuredsdjp91dx9x8yhr4kbbki" />
<input type="submit" value="Click here" />
</form>
Top of page.php:
<?php
if(!$_POST['pagesecuredsdjp91dx9x8yhr4kbbki']) {
die("Sorry, you cannot access this page.");
}
else {
//continue page
}
?>
I don't think you can just make a link do this.
Method 2
Pass a variable in the URL, but this is not recommended as the user could add it in the URL to get in.
Top of page.php:
<?php
if(!$_GET['securedpageaccess']) {
die("Sorry, you cannot access this page");
}
else {
//continue page
}
?>
External site:
Cick here
The random characters in the URL is just something put in there and isn't mandatory.
I recommend using the first method if you use either of them.
I hope this helps.
I've dealt with a system before that provides a link for the partner site, this link is used to generates a new temporary link for the user to be redirected to.
the first link (not the temporary one) can only be accessed by authorized IP addresses. This means only the partner site site can use the link.
Newby here.
Could someone show me an example of the code needed to do the following:
User pushes a button on my web site (there is no information for him to input, and no form, he just clicks on a button). I have found the following code on another post, but don't know if it is correct (I am also getting a syntax error on it):
<form action="php_file.php"><input type="submit" value="Click"></form>
The author of the above code said "Insert your PHP-Code into the file php_file.php and click the button, your file will be opened. Insert header("Location: html_file.html"); at the end of your php-file to get back to the page."
This click of the button needs to instigate the programming to grab the current URL and previous URL and insert them into the mysql database on my server. I have "PHP_SELF" and "HTTP_REFERER", but still need to get the results into mysql.
I would like to do this using only html, PHP and mysql, if possible.
Thanks to everyone for any help!
if your first file happen to be a PHP one, write this HTML form there.
<form action="php_file.php" method="POST">
<input type="hidden" name="previous" value="<?=urlencode($_SERVER['REQUEST_URI'])?>">
<input type="submit" value="Click">
</form>
and then in the php_file.php
<?
$current = $_SERVER['REQUEST_URI'];
$previous = $_POST['previous'];
though both variables will contain only partial url, without host name, schema and, possible, port. it's usually enough but if you need these absent parts, you'll have to add them manually.
as for the writing info into database and particular PHP syntax rules you have to find yourself a tutorial, because this site is devoted to answering questions, not online education nor doing someone's job for free.
With PHP, you can manage it with cookie session, first thing you'll need to do is start a session and then define the space where you'll store the URL information e.g: $_SESSION["url"]
session_start();
$_SESSION["url"]=$_SERVER['REQUEST_URI'];
And whenever you want to go to that particular page, add the header:
header('location: ' .$_SESSION["url"]. '');
Current:
$currentUrl = $_SERVER["PHP_SELF"];
Previous:
$previousUrl = $_SERVER['HTTP_REFERER'];
Note that some users may have browser preferences set that keep $_SERVER['HTTP_REFERER'] from being set, so it's possible that it would come back empty.
How to check if the user has entered the page by clicking on the button and not from copy pasting the URL ?
For example, if a user has clicked on Register I want him/her to go to that page only by clicking the Register button and not by copy pasting the link.
Also, is it a good practice to give the page name on the address bar or should I have to hide the page. If I am hiding the page will I be able to do that ?
For example, if localhost/projname/register.php. I don't want people to see the register or login or about or anything on the address bar except localhost/projname.
Maybe check if he used $_POST, something like:
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
// do ya thing
}
else
{
?>
<form action="index.php" method="post">
are you sure? <input type="submit" value="yes">
</form>
<?php
}
?>
You can use the HTTP_REFERER data of the $_SERVER reserved variable to see where did the user come from.
if(empty($_SERVER['HTTP_REFERER'])) {
// if we are here, the user copy pasted the url.
}
As for your second question, you can't totally "hide the page" like you're suggesting. The web server must know which page to show, so the browser must know has well.
You can however obfuscate the page name. For example you can call the page "sfhjgdjkfg" so the user won't be able to know that this is the "registering" page. But I think it's really a bad idea, why in the first place want you to hide this ?
One method is to use $_SERVER['HTTP_REFERER'] to verify that they clicked a link from your site, but this method isn't fool-proof as many Firewall and Anti-virus suites will remove the Referrer information.
A better method would be to generate a temporary session token on the pages of your site, and check for that token when the Register page is opened.
If your form uses POST parameters, the browser will pass on some POST data. You could then check
if (empty($_POST)) {
//didn't click the button, just went straight to the url
}else{
//did click the button
}
I have the following problem... I want to set a session variable when clicking on a normal link like:
home
My research seems to point out that it is not possible for PHP to catch up with the click event in a such a way that it would set a session variable.
I believe it is possible with Ajax, but how? And what would my link look like?
Setting the session variable should look like:
$_SESSION['link'] = home;
So in short: When clicking on a link in HTML, a session variable must be set.
HOW am i going to do that?
PS: I'm not quite familiar with Ajax, but I'll catch up.
EDIT: The links will refer to the same page, also i want to avoid urls like "home.php?link=X".
If it isn't possible to do it any other way, too bad. But I'll hope there is a solution.
Important: the name of the link will be the value of $_SESSION['link']
session_start();
if(isset($_SESSION['current'])){
$_SESSION['oldlink']=$_SESSION['current'];
}else{
$_SESSION['oldlink']='no previous page';
}
$_SESSION['current']=$_SERVER['PHP_SELF'];
Maybe this is what you're looking for?
It will remember the old link/page you're coming from (within your website).
Put that piece on top of each page.
If you want to make it 'refresh proof' you can add another check:
if(isset($_SESSION['current']) && $_SESSION['current']!=$_SERVER['PHP_SELF'])
This will make the page not remember itself.
UPDATE: Almost the same as #Brandon though...
Just use a php variable, I know this looks like a security risk, but when done correct it isn't.
Register Now!
PHP:
if(isset($_GET['a']) /*you can validate the link here*/){
$_SESSION['link']=$_GET['a'];
}
Why even store the GET in a session? Just use it.
Please tell me why you do not want to use GET. « Validate for more security.
I maybe can help you with a better script.
I had the same problem - i wanted to pass a parameter to another page by clicking a hyperlink and get the value to go to the next page (without using GET because the parameter is stored in the URL).
to those who don't understand why you would want to do this the answer is you dont want the user to see sensitive information or you dont want someone editing the GET.
well after scouring the internet it seemed it wasnt possible to make a normal hyperlink using the POST method.
And then i had a eureka moment!!!!
why not just use CSS to make the submit button look like a normal hyperlink??? ...and put the value i want to pass in a hidden field
i tried it and it works. you can see an exaple here http://paulyouthed.com/test/css-button-that-looks-like-hyperlink.php
the basic code for the form is:
<form enctype="multipart/form-data" action="page-to-pass-to.php" method="post">
<input type="hidden" name="post-variable-name" value="value-you-want-pass"/>
<input type="submit" name="whatever" value="text-to-display" id="hyperlink-style-button"/>
</form>
the basic css is:
#hyperlink-style-button{
background:none;
border:0;
color:#666;
text-decoration:underline;
}
#hyperlink-style-button:hover{
background:none;
border:0;
color:#666;
text-decoration:none;
cursor:pointer;
cursor:hand;
}
In HTML:
home
Then in PHP:
if(isset($_GET['link'])){$_SESSION['link'] = $_GET['link'];}
Is your link to another web page? If so, perhaps you could put the variable in the query string and set the session variable when the page being linked to is loaded.
So the link looks like this:
home
And the homge page would parse the query string and set the session variable.