Check when page changed - php

I'm new here, also a novice programmer, and not really familiar with PHP. I don't even know the name of some of the techniques I used when building my apps. I'm sorry for that, but I'll try to explain the best I can.
So I'm building a web apps with PHP / AJAX right now, and I've got to the point where some users (with their own privilege) have their own home page, which shows notification for them when something new happened in the system. I think I used the "get" method from the url to determine which page is the user in right now.
Here's a simple illustration :
A user with "Staff" privilege logged in, and then redirected to his home page. (http://localhost/apps/staff.php)
He open the notification page, and the url changes to : "http://localhost/apps/staff.php?cmd=notification"
I don't know the name of the technique, but here's how I do it : I get the cmd value using "$_GET['cmd']" and then pass it onto a function that checks what page to display.
The problem is, I want to delete the content of notification table and move it to the history table when the user leave the page so only the newest notification will shows. So I think I need to know when the user leave (move) to another page, or when the cmd value change. My question is, how ?
Ps. I'm still a student on a university so this is my homework. Please just point me on a direction and/or clue rather than write the code for me (and a clue to the name of that "get" technique is welcomed :p). I know I still got a lot to learn, but english is not my native and I've tried google and stackoverflow with no result (I believe it's because of my bad english and not knowing the name of the techniques I used).

Use a cookie to track the status of the notification.
See this thread for more info: Best way to show an admin message to certain users?

You can check if user went to notification (after his default user page) page like this:
if (isset($_GET['cmd']))
{
// delete old notifications
// and move to history table
// show new ones now
}
This checks if query string value cmd is there, he has moved to notification page.

Related

How to generate a PHP form for each (unique) redirecting URL?

I'll try to be as brief as possible regarding what I'm trying to accomplish:
Lets say I'm sending a message via SMS & Email to 5000 contacts (but I wish this to work for even only 10 or 1.000.000, no matter the volume).
In this message, I'm promoting an event like, say, a dinner party at some fancy place. Everyone who received this message is invited.
Every message contains an URL, linking to a landing page dedicated to the event. This page is responsive, it opens with a nice pic + some text, basic information and a PHP form to answer the invitation.
This form has a few fields. In this example, let's say:
Are you coming to the party ? (answer to choose from : "Yes" or "No thanks").
Will you be accompanied ? (answer to choose from : "Just me" or "+1", "+2").
Anything else you'd want to let us know ? (free typing field).
[SUBMIT]
Each URL link in the messages sent are actually UNIQUE redirections, each one belonging to 1 of the 5000 contacts reached.
Each contact received his own link on both the SMS and the email.
All of this means that in the database I use to send the messages, each contact has been attributed a redirection/short URL.
This way, I can very well know who even just opened the landing page, without needing to ask the openers to fill any information.
I just know that, for example:
Mr. Skywalker is http://website.com/dinnerparty/01
Ms. Organa is http://website.com/dinnerparty/02
Mr. Solo is http://website.com/dinnerparty/1138
Mr. Calrissian is http://website.com/dinnerparty/4469
And they all redirect to http://website.com/dinnerparty/
So far so good, right ?!
Now here's the tricky part...
What I need you guys to help me with, is how to "link and lock" the PHP form on the page to these unique URLs.
Basically, when Mr. Calrissian clicks on /4469, I want him to be able to click "Yes" (I'm coming to the party), "+2", [SUBMIT].
Once he submitted that, if he refreshes the page, he can no longer submit the form. Instead, he sees a message like "Your answer has been received, thank you !"
The page is essentially the same for everyone in the contact list, but as it's HIS link, it's HIS form that shows.
After that, I need to be able to retrieve these informations (the choices he made).
I know this can be done because I came across this kind of process before. I just don't know how to reproduce it! I'm not a programmer, just a noob trying to learn "by myself".
So far, I think I have to somehow give and ID to each of the 5000 forms and I just guess the information saying 'this URL = this form' is gonna be contained in the URL, that will look something like 'http://website.com/dinnerparty-356a192b7913b04c54574d18c28d46e6395428ab'
Does all this ring any bell ? My enquiries so far (playing with keywords "PHP" & "URL") just taught me how to transfer informations from a contact form to the content of another page with the GET array, but it's not what I need.
So if you got any clue, any lead regarding how to realize this, I'd be grateful!
Thanks for reading, any help will be much appreciated!
PS: sorry for bad english ;)
First things first, don't use incremental ID's. This is prone to what's known as a sequential number attack. Use UUID's instead. Otherwise, a guest could enter the next/previous/random ID and possibly RSVP for another guest. This is bad news for you, but great for an attacker (they'll be doin' it for the lulz... this could cost the victim big $$$, such as buying unnecessary dinners, for example). See https://www.youtube.com/watch?v=CgJudU_jlZ8 and https://www.youtube.com/watch?v=gocwRvLhDf8 for some good explanations.
Secondly, you should maintain the UUID in the URL, such as http://website.com/guest/123e4567-e89b-12d3-a456-426655440000 -- using a script or something like .htaccess, you can pickup the UUID and pass it to a single script. For example:
RewriteEngine On
RewriteRule ^/guest/(.*)$ /my-form.php?id=$1 [L]
From there, in your my-form.php, you can check to see if $_GET['id'] exists, and then validate it (does it exist? Has it previously been submitted? etc). If it validates, you can then display the form as usual and post to self (with the UUID in the url, still). On submit, you validate the ID again, and process the submission.
Then, on subsequent page loads, you can deny the form from being submitted again... or conversely, allow users to EDIT their response. Maybe they'll no longer be a +2... but the use case is up to you, some RSVP's don't allow edits after X date... so keep this in mind.
--
Now, to discuss mass SMS/Email services, you would want to have a database of users already. In order to send unique links, you'd just need to do what's known as a "Mail merge" (or merge tags, etc)... Basically, you would have the URL in the newsletter/message like: http://website.com/guest/[guest_id] and the mailmerge would replace [guest_id] with the UUID in your database.
There are plenty of mail/sms mass mailing services out there, so I don't need to list any. Pick one that has an API and fits your requirements.
Hope this helps. Good luck :)

Creating a website setup 'wizard'

I am looking to create a setup for my website that a webmaster can complete to setup the required features of the webserver, such as the database, an administrator account, etc.
What I have planned so far is a $_GET variable will automatically be assigned (if not already!) to the user, the $_GET variable will be called something such as $_GET['step'] to represent what step the user is on. This will also allow me to easily display the specific form(s) for that specific step. For example, display the 'Database Setup' form on step 1, but then on step 2 display the 'Create an Administrator' form. I would do this by using switch statements.
However, if there was an error with the information that the user has given, such as a connection cannot be established with the given information, how would I check the information that was inputted and then display an error to the user, forcing them to change the information in the form, if they have been redirected to step 2 when they submitted the form?
Thanks,
Kieron
EDIT: Here is a Pastebin link to what I have so far: http://pastebin.com/Y6YSTrgR
I couldn't put it directly in this post as it wasn't formatting properly.
You've not shared enough technical detail for this question to be helpful, however if I understand you correctly then you could save each step into the session so that you can go back if necessary. This way you could persist the data if the user finishes the last step. If the user doesn't finish the last step, nothing has changed on the server.
Really you need to tell us more about the system, such as which framework you're using (if any) and describe more about how the overall process should work.

Is there a way to save a "Client ID" trough PHP?

I have to build a (PHP based) landingspage that is used on WIFI access points (HP Aruba). The requirement would be: "If already filled the form for access, just show www.google.com (without loging in or something), if not, show them the form".
I would have done that by registering their MAC adresses, but I found out that was impossible trough PHP.
Do you guys have any idea of how I could achieve this?
Thank you already !
Easiest way is probably setting a cookie that 'this' user has been authenticated and redirect them to another page.
Another possibility can be https://github.com/Valve/fingerprintjs2 that allow you to create a 'fingerprint' of a user. This you could save in your backend and compare it next time the users comes to your page.
EDIT, I linked to fingerprintjs, but there is a new version, fingerprintjs2

PHP Web Application Design Basics

I am making a twitter application using PHP. Please excuse me if this question is elementary. In my application, the initial landing page (index.php) contains code for login/oauth. If the user logs in successfully, should I load a new page altogether or simply echo html that renders the user's profile page. For example:
if(login success)
{
load a file that renders selected user's profile page
}
or something like
if(login success)
{
echo html that renders a profile page.
}
If I understand correctly, you're trying to decide what to show the user once they log in. Rather than think what you should show them, what does the user want to do right away? Why do they use your site? If users want to see their profile right off the bat, then do that. If they want to see feed activity, show them that. To start off, you may want to create a simple page that acknowledges they are logged in and give them their major options. Track what users click and see what that tells you. If the vast majority use feature X immediately, then consider loading feature X first. If the users are all over the map, let them pick what they want to do, record it as a preference in their profile, and load that automatically.
In the end, the best thing to show a user when the log in is the first thing they most want to see. :)
I'd recommend looking into the use of some sort of PHP MVC framework.

Should I use sessions for "LOGINS" on my site?

I have a classifieds website, where anyone (no need for login currently) can post a classified. It is PHP based.
The procedure for posting is currently like this:
click on "New Classified" --->
fill in a form of all information and hit "View classified before publishing it" --->
the form submits to a "verify classifieds" page, where users verify their inputs --->
If everything is okay in the "verify" page, then the user hits OK and the classified is published.
The above procedure isn't exactly optimized. The first page (new_classified) where the form is, is pretty good, but the second page (verify) uses x number of hidden inputs in another form, used to contain the previous pages form inputs.
Now you know how it works on my site.
The issue today is that alot of companies want to publish their classifieds, and alot of classifieds at the same time. This means they have to fill out the form again and again currently.
I am thinking about creating a login, for companies only, so that their information is automatically inputted into the form, so all they would have to do is fill out the specific classified details like "headline" and "description" etc.
How should I do this in my case? Sessions?
This means I will have to create a new MySql table (I use MySql mainly) and store company-profiles there.
So do you think converting to sessions is alot of work? Worth it? More reliable?
I have never used sessions so I wouldn't know.
As a last note, you should know that I use a picture upload tool on the first page of "new_classified". When a user choses a file to upload, the page is automatically *refreshed*, and then the image is displayed on the same page under section "images uploaded". I hope the session wont interfere with this approach.
Thanks
I think it is worth your while to do logins, and even on a very basic level it will help you to identify who is using your site etc.
This is probably a big debate around developers, what is the best way to do a good login system, whether it's basic or not doesn't matter, I think the concepts still stay the same.
In your case I would suggest session cookies along with a login table consisting of user details. This would help you to verify the user on more than one occasion during his/her visit to the site.
A login is checked against a user entry in a table and then a session cookie is created. This session you can choose to never expire also.
You can then on every step check that the user is the user that is supposed to be logged in and get the companies details by checking the username. This would make for a better query in my opinion.
Sessions aren't a lot of work and it's relatively easy to learn.
http://www.php.net/manual/en/book.session.php
http://www.9lessons.info/2010/02/php-login-script-with-encryption.html is a good example of what you can do with this. Have a look around still. There are a bunch of these great tutorials on the web.

Categories