Custom URL for each user in PHP - php

Is it possible to have a website where each user gets their own URL like:
www.thewebsite.com/myusername
I want each user site to be the same, the only reason the name matters is if a person visiting the site signs up, they get their own custom url, but the person they signed up under is kept track of as their "Parent".
So if I go to www.thewebsite.com/phil and sign up as David, then my site becomes www.thewebsite.com/david but Phil is kept track of in my user record. (i.e. is there a way for me to know which url they visited the site under)
So, really that's 2 questions:
1) How do I make custom urls per user
2) How do I know which url a new user visited from
I'm pretty brand new to PHP so keep that in mind.

You can implement this using the apache mod_rewrite.
Make a rewrite rule for something like:
^/users/($1) /users.php?userid=$1
In user.php file read the userid parameter, and return the page corresponding to given user.
As for racking from which user someone registered/logged-in to your site, you can keep a session value, such as the referencing userid, and when the new user registers, write to your db who referred him to your site.

Related

How to create "who is accessing the page" in codeigniter 3

I'm trying to make something, which is tell a user how many and who is (depend from username as example) accessing the same page with him/her.
Here's a little explanation about my case (to make it easier to understand).
for example :
I have 10 users.
I open home page (for example), user 1, user 3, or user 4 open home page too.
Home page will have a spot which is contain information something like
There are "4 Users accessing this page"
You, user 1, user to, etc. are viewing this page.
if there's simplest way to do that, i will be glad to use it, or if even i need to use library, what kind of library that i need.
thanks in advance.
I am not so professional but i can think of only one solution for your problem.
What we have to do is, we have to keep track of user (i.e. which page user is viewing). We have to use a database table in which you will keep the username and the page name user is viewing.
Every time user changes the page, you will have to update the entry in the table.
e.g. If user opens a page index.php, you will search in database table for, how many users are there with the page_name index.php?, you can easily show anywhere on your page.

Create a page that shows a user which pages they have been to using PHP

I was wondering if there was a way to create a page on my website that would allow for a user to view the pages in the website that they have been to. I have searched around to see if I could find a hint to where I could start from, but I came up empty. I have already coded a system where a user can sign up and log in, I just need a way so that they can track where they have been. Thanks
I won't go into full detail, as I cannot comment to ask how you would prefer, but an example using sessions would be such;
At the start of each page, you could do something as follows;
session_start();
array_push($_SESSION['pages'], "`You would put a user-friendly page name here`");
Or alternatively;
session_start();
array_push($_SESSION['pages'], __FILE__);
The above would store each page the user visits in a session named pages. If you wanted to, for say, receive the last five visited pages, you could then do something as such;
array_slice($_SESSION['pages'], -5);
Although this wouldn't be the most efficient and/or is just basic, it is the bedrock in which you could expand upon.
Another idea would be to log the page visits to a database. You could have a table names page_views or similar with id, user identifier and page as the columns, then following the above example to 'log' the page views to the database. You could then select from the database and limit to the last 5 records matching the user identifier, therefor receiving the five latest logged pages.

user profile page generation

I am developing a dynamic website using PHP. When a user of the website creates an account, a profile page should be created for that user. Say, a user called 'dev23' creates an account on my website, his profile should be accessible through the link www.mysite.com/dev23
How do I create such a thing? Should I create a standard page like userprofile.php which is populated with data specific to the username provided? Or should I create a permanent webpage for every user?
Please let me know the right approach to this porblem.
Is the www.mysite.com/dev23 meant to be public or only visible to the logged in user?
If it is only visible to the logged in user, you can create a myprofile.php file which retrieves the logged in user from the session and retrieves data accordingly.
If it is meant to be a URL that other users can hit, you probably want some sort of userprofile.php page with data passed along to identify the user to be viewed. For example, the url might be www.mysite.com/userprofile.php?user=dev23. If you are using Apache for your web server, you can look at using mod_rewrite to make the URL prettier. Thus, you could have the URL www.mysite.com/user/dev23 routed to userprofile.php?user=dev23 and your PHP processes the same. It is just a means of making URLs be more user friendly than a naked query string. This is common amongst many PHP-based CMS systems such as WordPress, Joomla, etc.
Ideally you should be creating a single file that handles all users.
Certain frameworks like SkyPHP allow this by defining the attributes after a valid page as "queryfolders" which can be used much like GET/POST variables.
If you are not using a framework, I might suggest you look into using one to simplify your tasks.
SkyPHP also has a functionality where a single field in a table can be used to pull this data simply by defining the page as _table.field_name_
It will check to see if there is a matching table and field to pull the data from and will automatically pull the id of the record whose field's value matches that of the url and assign it to a variable.
Example... If we have a table called category and a field named slug, one would create a page named _category.slug_.php
Then the url... http://mydomain.com/watches would look for "watches" in category.slug and pull back the identifier of the record as $category_id with $category_slug available also.
It would solve your issue if you are willing to give it a shot.
Again refer to the documentation here... http://switchbreak.com/skyphp

How a site can tell whether a user inserted their own values in the URL

I am very curious because I would like to be able to check this myself on my own site, as I am currently in the process of designing it. An example would be:
www.somesite.com/product.php?id=1356
When using Facebook, a user can change it and they get the user associated with this id. But in other sites, specifically Ecommerce sites, when I change it, it either fails or goes to the homepage.
There isn't any way to see if the user changed it. This is part of secure coding. From the server's perspective, you need to validate all of your inputs, and validate that the current user actually should have access to the resource they're requesting.
See https://www.owasp.org/index.php/Top_10_2010-A4 for some additional details and examples.
Facebook may seem to allow this only for the example that you've given because the user profile ID that you're attempting to access may be public to you. However, you won't have access to all other user profiles - only user profiles that you have permission to access. If you tried to access my Facebook profile ID, you would also see your access be denied here.
Since this is tagged as e-commerce, you should also be aware of the PCI DSS if you aren't already - where 6.5.4: "Insecure direct object references" applies specifically to this scenario.
When using Facebook, a user can change it and they get the user associated with this id. But in other sites, specifically Ecommerce sites, when I change it, it either fails or goes to the homepage.
Facebook does the same thing.
https://www.facebook.com/profile.php?id=102934810293841029348 goes to an error page titled "Profile Unavailable", because that ID doesn't exist.
You're likely just changing it to nonexistent IDs.
That works via $_GET method (or $_REQUEST)...
The reason you can change some site id (or any other parameter which is part of the url), and it works, is that because they programmed it to behave like that. It actually depends of how this url parameter is used in the background. For example, in product.php you will have something like this:
if(isset($_GET['id']) {
$id = $_GET['id'];
$id = filterid(id)..... and so ...
// Maybe check for id and redirect if id is not ok
// Maybe check for id and some additional secrete parameter ...?
// What is the id? What kind of behavior you want?
}
Reason why you have different behaviours across different websites - in dependence of url parameters (in this case "id") - is because different behaviours are implemented under different circumstances...
Some of them implement strict checks (especially for id's) because of the security!? For example, if you have page and you know that your id must be a number, and you know, that the max id in your database is for example 15000, you can write something like this....
if(isset($_GET['id'] && strlen($_GET['id']) <= 5 && isNumeric($_GET['id']) {
//if everything is ok you can execute your code here
}
else {
$id = 1; //if someone try to put something else in id, you will simply redirect him on first id(firs product)
}
That is just one example of behaviour. Now consider what else can be done? What do you want to do? How do you want it to behave? What kind of behaviour you will implement on your side - in dependencie of the parameters within the url is to totally up to you. User can follow up your logic on your web app by clicking on your predefined links - or he can manipulate with the url how ever he wants. You dont have possibility to check this. All what you can do is properly validate all of the inputs (no matter are they coming from the URL or some kind of post request)

Tracking internal link php

I want to set up a few internal statistics for one of my dynamic sites. The idea is to make available to each member of the site:
a) How many times the profile has been seen in the day (1 click = 1 ip = 1 view)
b) How many times the profile has been seen in the month (1 click = 1 ip = 1 view)
c) How many have left since the mail button "contact".
Before developing this in php, I wanted to know if you would not have a resource that these actions. It would save me some time.
Sincerely,
Well, you would just simply need to have a DB where you could save those statistics. Then, you would create a class with a few functions that save statistics to this DB. E.g.
function addPageview($pageIdentifier, $loggedInUser) {
// code to save to DB
}
Then, when a page is viewed (e.g. the profile page of someone), you do a call to this addPageview() with the correct page identifier (e.g. the URL) and the logged in User so you know who has viewed the page. You leave $user empty if there is no logged in user.
Good luck!
So if you want to increase your profile-views counter by 1, you can restrict this to do so every 24 hours by setting a cookie on the visitors computer with that specific users ID. The user can clear their cookies and visit the profile again, but "commoners" dont know about this technique.
In your code for viewing the profile, you use the following pseudocode:
if user has no cookie
bump views up by 1
So I create my own internal link tracker for ZF.
I don't use cookie.
I check if an ip is already back on the site. If so, I change the date of last visit, otherwise I created. Then, I check if the called page has already been visited. If so, I change, otherwise I insert. Then, I check if the association ip / page exists: if so, I change, otherwise I insert.
In the end, I can have a system of click per day, month, year, and for su ...
I wrote a tutorial on the occasion on my blog, because now it is only really suited to the current project.
Thank you for your support.

Categories