|
PHP - Make A Link The Only Way To Access A Certain Page
I have a site, and there is an image with a link to another page, how can I make it so this is the only way to get to that page is by clicking on that image, and not by typing www.mywebsite.com/page.php into the address bar in a browser?
Similar TutorialsThis is the code I have now however when you click next to view more results it says please enter a search..., (there is more code above this however I thought that the problem would be within the code provided.) $currPage = (($s/$limit) + 1); //break before paging echo "<br />"; // next we need to do the links to other results if ($s>=1) { // bypass PREV link if s is 0 $prevs=($s-$limit); print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  "; } // calculate number of pages needing links $pages=intval($numrows/$limit); // $pages now contains int of pages needed unless there is a remainder from division if ($numrows%$limit) { // has remainder so add one page $pages++; } // check to see if last page if (!((($s+$limit)/$limit)==$pages) && $pages!=1) { // not last page so give NEXT link $news=$s+$limit; echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>"; } $a = $s + ($limit) ; if ($a > $numrows) { $a = $numrows ; } $b = $s + 1 ; echo "<p>Showing results $b to $a of $numrows</p>"; ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=316783.0 i have created an object in one page. it has a submit button which upon clicking opens a new page. is it possible to access that created object and its data members in that second page? here is the code for creating the object in the first page. $viewcart = new Cart(); $viewcart->GetProductCart($user); I want to make it so public users cant access the index of/ page, how do I do that? Thanks This has been an ongoing issue from the start. When I try to login I enter the username and password and click login, then get taken back to the login page to reenter the same details and the second time I click login I get logged in. Now if I then log out and close window and wait a few seconds, restart again and try to log in, I get in first time. I believe this could be a session issue but I thought unsetting the unset($_SESSION['admin']); would cause the session to be lost and have to start again. I just can not get my head around what is causing it. Can anyone tell me what I might be doing wrong ? I have a redirect to originating page, so if I was to view a previous page within the admin area I have to log in and then once loggeed in it will redirect to the page I was on before. Here are my scripts.
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
define('site_title', 'Admin ');
define('pageTitle', 'Admin ');
$_SESSION['loginRedirect'] = "adminCreateCampaign.php";
include("functions-for-email.php");
$checkAdminStatus = checkAdminStatus($mysqli);
if(!isset($_SESSION['admin']) || $checkAdminStatus == "NOACCESS") {
$_SESSION['error'] = 'You must be logged in to view that page. (el.S1)';
//$_SESSION['loginRedirect'] = "showStats.php";
//echo("You must be logged in to view that page. (el.S1)<br>"); exit;
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
} else {
if($_SESSION['admin']['account_type'] != 'admin') {
$_SESSION['error'] = 'You do not have the priviledges to view that page. (el.S2)';
@mysqli_close($mysqli);
header('Location: ' . adminFullWebAddress . '/index.php'); exit;
}
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<?php menu(); ?>
<h1 class="middleTitle">Admin </h1>
<?php
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; unset($thisError); }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; unset($thisSuccess); }
?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php @mysqli_close($mysqli); ?>
<?php
session_set_cookie_params(0, '/', '.****.com'); session_start(); error_reporting(-1);
include("functions.php");
$checkAdminStatus = checkAdminStatus($mysqli);
//$_SESSION['loginRedirect'] = adminFullWebAddress . "/index.php";
$fromlink4 = isset($_SERVER['REMOTE_ADDR']) ? (gethostbyaddr($_SERVER['REMOTE_ADDR'])) : "empty";
$ipAddress = $_SERVER['REMOTE_ADDR'];
if(isset($_POST['email'])) { $email = $_POST['email']; $email = strip_tags($email); } else { $email = ""; }
if(isset($_POST['pass'])) { $password = $_POST['pass']; $pass = $_POST['pass']; } else { $pass = ""; }
if(isset($_POST['login']) && trim($_POST['login']) == 'Login') {
$checkEmail = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `suspended` = 'Yes' LIMIT 1");
$failedLoginCounter = 0;
if(!$email) {
$thisError = 'Please enter your e-mail address.';
} else if(! $checkEmail->num_rows) {
$thisError = 'Either the email address, password or both were not entered correctly.';
} else if(!$password) {
$thisError = 'Please enter your password.';
} else if($checkBanned->num_rows) {
$thisError = 'Your account has been suspended by Admin.';
} else {
$password = md5($password);
$checkAccount = db_query($mysqli, "SELECT * FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($email) . "' AND `password` = '" . $mysqli->real_escape_string($password) . "' LIMIT 1");
if($checkAccount->num_rows) {
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `lastlogindatetime` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string($ipAddress) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1");
// set lastlogindatetime
$_SESSION['admin'] = $checkAccount->fetch_assoc();
$loginRedirect = isset($_SESSION['loginRedirect']) ? $_SESSION['loginRedirect'] : "";
$_SESSION['success'] = 'You are now logged in. (ok.L2) ' . $loginRedirect;
header('Location: ' . adminFullWebAddress . '/' . $loginRedirect); exit;
} else {
$thisError = 'Your e-mail address and/or password is incorrect.<br>If you still face issues, you can <a href="startresetpw.php">reset your password</a>';
$saveChanges = db_query($mysqli, "UPDATE `admins` SET `failedLoginCounter` = `failedLoginCounter` + 1, `lastloginfailedip` = '" . $mysqli->real_escape_string($ipAddress) . "', `lastlogindatetimeFailed` = '" . $mysqli->real_escape_string(datetimenow) . "' WHERE `email` = '" . $mysqli->real_escape_string($email) . "' LIMIT 1"); // set lastlogindatetimeFailed
}
}
}
if(!isset($_SESSION['admin'])) {
define('site_title', 'Login');
define('pageTitle', 'Login');
} else {
define('site_title', 'Home');
define('pageTitle', 'Home');
}
?>
<!DOCTYPE>
<html>
<head>
<link href="adminstyle.css" rel="stylesheet" type="text/css" />
<title><?php echo(site_title); ?></title>
</head>
<body>
<div id="container">
<div class="containerInner">
<div id="leftInner100">
<?php // start of leftInner ?>
<div id="mainphoto"><?php //specialMessage($mysqli); mainPageImage(""); ?></div>
<div class="clear"></div><?php
if(isset($_SESSION['admin'])) {
menu();
}
if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; }
if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; }
unset($thisError); unset($thisSuccess);
if(!isset($_SESSION['admin'])) { ?>
<div style="width: 100%; margin: 0em auto; text-align: center;">
<form method="POST" action="index.php" style="width: 15em; text-align: center;">
<div class="field"> E-mail Address </div>
<div class="value"> <input type="text" name="email" value="<?php if(isset($_POST['email'])) { echo $email; } ?>" style="width: 12.5em;" title="email"> </div>
<div class="field"> Password<br><span style="font-size: 0.8em;"><?php
if (isset($_POST['pass'])) { echo('<strong style="color: red;">'); } ?>(Please note: your password may be CaSe SeNSitIvE)<?php if (isset($_POST['pass'])) { echo('</strong>'); } ?></span>
</div>
<div class="value"> <input type="password" name="pass" value="" style="width: 12.5em;" title="pass"> </div>
<div><br><input type="submit" name="login" value="Login"> <input type="reset" value="Clear"><br></div>
</form><br>
<div class="clearFloat"></div>
</div>
<?php
} else { ?>logged in<?php } ?>
<br><br>
</div><?php // end of leftInner ?>
</div><?php // end of containerInner ?>
<div class="clearfix"></div>
</div><?php // container ?>
</body>
</html>
<?php
@mysqli_close($mysqli); ?>
functions.php
<?php
define('showOutput', 0);
include("/home/****/db_login_functions.php");
define('db_table_name', 'clientList');
define('mailHost', 'mail.****.com');
define('mailUsername', 'noreply@****.com');
define('mailPW', '****');
define('bounce', 'bounce@****.com');
define('fullDomain', 'https://www.admin.****.com');
define('adminFullWebAddress', 'https://www.admin.****.com');
define('adminEmail', 'admin@****.com');
define('fromEmail', 'noreply@****.com');
define('fromName', 'DO NOT REPLY');
define('REMOTEADDR', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
define('PHPSELF', $_SERVER['PHP_SELF']);
define('HTTPREFERER', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "not set");
define('unsub', 'https://www.****.com/unsub.php'); define('securityhash', 'abc'); // NEVER change this securityhash.
date_default_timezone_set('Europe/London');
define('datetimenow', date("Y-m-d H:i:s"));
/* check if user is allowed to access a certain page or not. */
function checkAdminStatus($mysqli) { $yesNo = "";
if(isset($_GET['action']) && $_GET['action'] == 'logout') {
unset($_SESSION['admin']);
$_SESSION['success'] = 'You have successfully logged out. (lo.1)';
header('Location: index.php'); exit;
}
if(isset($_SESSION['admin']) ) {
// need to add in code to check if logged in for more than 1 hour, if so log out on next refresh of page.
if ($_SESSION['admin']['lastAccessSinceLogin'] < date( 'Y-m-d H:i:s', strtotime("-5 minutes") )) { unset($_SESSION['admin']);
$_SESSION['error'] = 'You were logged out due to no activity, please login again to view that page. (lo.2)';
header('Location: index.php'); exit;
}
$checkBanned = db_query($mysqli, "SELECT `adminid` FROM `admins` WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' AND `suspended` = 'Yes' LIMIT 1");
if($checkBanned->num_rows) { $yesNo = "NOACCESS"; //$_SESSION['error'] = 'You must be logged in to view that page.';
} else { $yesNo = "ACCESS"; // if logged in, update `users`.`lastAccessSinceLogin` with current datetime.
$updateLastAccessSinceLogin = db_query($mysqli, "UPDATE `admins` SET `lastAccessSinceLogin` = '" . $mysqli->real_escape_string(datetimenow) . "', `lastloginip` = '" . $mysqli->real_escape_string(REMOTEADDR) . "', `failedLoginCounter` = 0 WHERE `email` = '" . $mysqli->real_escape_string($_SESSION['admin']['email']) . "' LIMIT 1");
$_SESSION['admin']['lastAccessSinceLogin'] = datetimenow;
}
}
return $yesNo;
}
function menu() {
echo('<a href="index.php?action=logout">Log Out</a> ');
echo('
<a href="adminCreateCampaign.php">Create Campaign</a><br><br><br>');
}
?>
.htaccess (within the admin folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
.htaccess (within the root folder)
Header set Access-Control-Allow-Origin "*"
RewriteEngine On
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
### DON'T DELETE!! Below entry is MUST for your PHP sites like wordpress,joomla and etc to work properly.
suPHP_ConfigPath /home/****/php.ini
the php.ini file allow_url_fopen = on allow_irl_include = on date.timezone = Europe/London safe_mode = off upload_max_filesize = 20M post_max_size = 20M upload_tmp_dir = "/home/****/tmp" session.save_path = "/home/****/sessions" session.use_only_cookies = on error_reporting = E_ALL log_errors = On display_errors = Off track_errors = On error_log = "/home/****/errors.log" sendmail_from = "server@****.com"
I have an MS Access Database that resides on the server that I will be hosting the pages I'm building. In my MS Access Database I have a query called "CheckedInEquipment" that I would like to have constantly display on a PHP page. It needs to be 'fluid', so the data is always up to date on the web page. (This is all in a sandbox XAMPP environment). Has anyone done this, can you lead me to examples or push me in the right direction? Carl Hi guys so i want to make page acces to certain ranks. So im thinking for something like this
rank1 -> home.php, admins.php So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page. $curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1); This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array? Thanks. Hello, Im making a little script to grab some data from a website but the data loads up a Javascript popup and unless you click the link from the page you came from you get a 404 error. Is there any ways to able me to load up the page using php so i can access some of the data on the page. The page im trying to access has the following code in the head, Does that have anything to do why you cant directly access it? Code: [Select] <META NAME="Robots" CONTENT="index,follow"> Hope this makes sense, If anyone knows a solution i would really appreciate it. Hello.
I have a bit of a problem. When I fetch the link field from the database.i don't see an actual link on the page.
One more thing, what type of field should I use to store the link in the database? Probably there is where I went wrong.
All help is
Below is the screenshots and script for user page level access i have used it for one of my old projects. Code is working as it was intended. But it needs to be improvised. Users table
pages table , which has all the pages and links
Access level table. which has user id from users table and page id from pages table (for which user has access)
Once the user is created, admin gives access to the user on page basis, the permissions.php page looks like this The modules
Menus inside the modules
Pages in each menu
Here is my code for permission.php
<div id="demo2-html">
<ul id="demo2" class="mnav">
<li><a href="#">Sales</a>
<ul>
<li><a href="#">Lead</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='led'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
<li><a href="#">Customer</a>
<ul>
<table class="table table-bordered table-striped table-hover">
<?php
$s1 = mysqli_query($con, "SELECT pages.page_id as pid, pages.code, pages.page,
pages.href, access_level.aid, access_level.page_id as pgid,
access_level.user_id
FROM pages
LEFT JOIN access_level ON (pages.page_id=access_level.page_id
AND access_level.user_id=".$user."
) WHERE pages.code='cst'") or die(mysqli_error($con));
while($s2 = mysqli_fetch_array($s1)) { ?>
<tr><li><td><?php echo $s2['page']; ?> </td><td><input type="checkbox" name="sn[]" value="<?php echo $s2['pid']; ?>" <?php if($s2['pgid'] === $s2['pid']) echo 'checked="checked"';?> />
<input type="hidden" value="<?php echo $s2['pid']; ?>" name="page_id[<?php echo $s2['pgid']; ?>]">
</td></li></tr>
<?php } ?>
</table>
</ul>
</li>
//code goes for all the other modules
</ul>
</li>
</ul>
</div>
<input type="hidden" name="user" value="<?php echo $user; ?>" />
<div class="row" align="center">
<input type="submit" name="submit" class="btn btn-success" value="Save" />
</form>
// form Submission
if(isset($_POST['submit']))
{
$user = $_POST['user'];
$sql = "DELETE FROM access_level WHERE user_id = ".$user."";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
foreach($_POST['sn'] as $sn)
{
$sql = "insert into access_level (page_id, user_id) values (".$sn.", ".$user.")";
$query = mysqli_query($con, $sql) or die (mysqli_error($con));
}
if($query)
{
header("location:users.php?access=1");
}
}
So against each user i am storing all the page ids here. When i edit any of the users, it deletes all the records and again insers new records. Which i feel is not a proper way to do. And in codewise also, i am redirecting the user to no_access.php (as below) page if the user do not have access.
<?php
ob_start();
include("connect.php");
include("admin_auth.php");
$q1 = basename($_SERVER['REQUEST_URI'], '?' . $_SERVER['QUERY_STRING']);
$q2 = $_SERVER['REQUEST_URI'];
$var1 = "/".$q1;
$qa_path=explode('/', $q2);
$right_path = $qa_path[2].$var1;
$parsedUrl = parse_url($q2);
$curdir = dirname($_SERVER['REQUEST_URI'])."/";
$m4 = "select p.page_id, p.code, p.page, p.href, al.aid, al.page_id, al.user_id FROM pages p INNER JOIN access_level al ON p.page_id=al.page_id WHERE al.user_id=".$_SESSION['user_id']."";
$m5 = mysqli_query($con, $m4) or die (mysqli_error($con));
while($nk1 = mysqli_fetch_array($m5)) {
$href1[] = ($nk1['href']); }
if(in_array($right_path, $href1)) {
echo "<script type='text/javascript'> document.location = ".BASE_URL."/".$right_path."</script>";
}
else
{
echo "<script type='text/javascript'> document.location = '../no_access.php' </script>";
exit();
}
?>
I need help in improve and better/effective (structural) way to do this both in database and php script. I am using the debug_backtrace() php function to prevent direct access to admin files.
i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.
Is it a safe practice or is there a better way of doing it?
<?php
debug_backtrace() || die ("Direct access to this resource is forbidden");
?>
Thanks
This topic has been moved to HTML Help. http://www.phpfreaks.com/forums/index.php?topic=307669.0 I have created a database that echos out the result on a webpage, what i want to do is create one of the echo results into a link - the code is as follows: "Web Address: $web_address <br>" . Is there an easy way to make the result a link as the input will always be a web address? Thanks in advance! ok, how do I make this button go to the specific link that is set with it.......it goes to page without eventid=eventid: Code: [Select] <form action= \"editevent.php?eventid=".$row['eventid']."\" method=\"link\"><INPUT TYPE=\"submit\" VALUE=\"Edit\"></form>"; Hey, What i want is that if a username inserts some text into a field like "Hey @martin how are ya" ? then it will display @martin as a link that takes you to site.com/martin, i searched php.net from preg_replace and str_replace...unfortunately for me things got so complicated that i don't even want to talk about it. Anyone who can do it will be my saviour! Seems to be a basic question, but I couldn't find an answer nor figure it out on my own. Basically I have a script that takes out specific data out of the database, the script works on its own, now I just need a way to make the user execute it with a link or a button. Example: Category: [Smileys] - [Category2] - [Category3] - etc. As soon as the user clicks on [Smileys] all data in the database which contains the word smileys in the category field gets selected and outputted as a list. Again the script works, I just need to be able to execute it with a button. If I understood it correctly I have to run the script by adding a if (isset($_POST['Smileys'])) { in front of the script. But how do I build the connection with the text link? I have a table where it displays some data. How do I make this Code: [Select] echo "<td>" . $row['title'] . "</td>"; into a link? Hi People. I am doing quite well with my www.airfieldcards.com website which is information for pilots in the UK and ireland should they wish to visit another airfield. It is in the form of a flight guide for free. Each card is held in a database and the cards are shown on the site by loading the following script /php/results.php?id=132 In the above example the card for c-moor in Ireland would be loaded. I want to be able to add a link within the cards that will give the user "the code" to enter that card within their own website. Sort of a "click here to get the code to add to your website" Then opening a separate box in a new window that had something like this in it. Copy and Paste the following code into your website Code: [Select] <iframe width="720" height="1500" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://airfieldcards.com/php/results.php[b][i]"what goes here?"[/i][/b] What would I put into the bit "what goes here?" to dynamically load that specific card? and give the user the correct code to add into their own site? Thanks in advance, you guys on here have always been brilliant. |
|||||||