|
PHP - How To Check That A User Has Reached Page B From Page A
Hi Guys,
Quick question. I'm trying to get my head around how I would check that a user has reached a certain page from another page. So for example, the workflow through my site is something like the following: user registers a verification email is sent user clicks the link within the verification email to complete the sign up process user logs in and ONLY on a successful login will the following happen: checks are made to see if account has been verified if user has been verified, go to main menu if user has not been activated his account then he goes to a page that says account has not been activated The bit i'm struggling to get my head around is this... the user should only reach the page 'account has not been activated' page from the login page. If that page was called confirm-account.php. What can i do to stop a random person typing something along the lines of www.mywebsite.com/confirm-account.php and getting straight onto that page? or even upon the registration process if the user is taken to a page that says an email has been sent, how would i stop a random person just typing the url straight to that page and bypassing the pages I would expect them to have gone through before reaching that?? Cheers How Similar TutorialsHi, I'm trying to change an OpenSource software that is using PHP code, I'm somewhat new to PHP and am wanting to learn more on it, but I'm having trouble a couple of things. On rightcolumn.tpl, I include another file called login_rightside.tpl where it is a login box. What I want to do is if the user clicks "Register" and gets taken to "signup.php" then that login box on "login_rightside.tpl" should disappear. So basically my pseudocode is this: Code: [Select] if (current page = signup.php do nothing else {include file="login_leftside.tpl"} end if My problem is how to tell it that the current page is signup.php. If anyone can provide some help, I'd appreciate it. I have a site where the user must view a timed loader before playing an audio bible. I'm noticing some direct linking to the bible player instead of sitting through the loader... I need to check the previous page's url before actually loading the player. I through together a script last ween in javascript and people reported error, so I assumed it would be best server side anyway. I haven't coded anything in PHP since PHP3. So, I'm asking for your expert options and help... I haven't tested this yet, but is this the best method and are they any problems with this method (if it works). $realname = basename($_SERVER[loader], ".php"); if ($realname == 'loader.php') { return(); } else { // rediret to a notice to user that this isn't allow header( 'Location: http://www.yoursite.com/new_page.html' ) ; } Hello people i have a system that takes people to generated pages from the database, the user has a field to input a video and others watching videos will get redirecting to tht video in time, what i want to know is how can i tell if a user viewed the page so to stop them getting redirected to it again by my random video query? The link always is video.php?id=blabla the id changes every refresh, so i can call that id to check if there on the page but how can i tell if they have been on it before. i want a code in php to check if user open this page Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta Quesion: Show each movie in the database on its own page, and give the user links in a "page 1, Page 2, Page 3" - type navigation system. Hint: Use LIMIT to control which movie is on which page. I have provided 3 files: 1st: configure DB, 2nd: insert data, 3rd: my code for the question. I would appreciate the help. I am a noob by the way. First set up everything for DB: <?php //connect to MySQL $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); //create the main database if it doesn't already exist $query = 'CREATE DATABASE IF NOT EXISTS moviesite'; mysql_query($query, $db) or die(mysql_error($db)); //make sure our recently created database is the active one mysql_select_db('moviesite', $db) or die(mysql_error($db)); //create the movie table $query = 'CREATE TABLE movie ( movie_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, movie_name VARCHAR(255) NOT NULL, movie_type TINYINT NOT NULL DEFAULT 0, movie_year SMALLINT UNSIGNED NOT NULL DEFAULT 0, movie_leadactor INTEGER UNSIGNED NOT NULL DEFAULT 0, movie_director INTEGER UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (movie_id), KEY movie_type (movie_type, movie_year) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); //create the movietype table $query = 'CREATE TABLE movietype ( movietype_id TINYINT UNSIGNED NOT NULL AUTO_INCREMENT, movietype_label VARCHAR(100) NOT NULL, PRIMARY KEY (movietype_id) ) ENGINE=MyISAM'; mysql_query($query, $db) or die(mysql_error($db)); //create the people table $query = 'CREATE TABLE people ( people_id INTEGER UNSIGNED NOT NULL AUTO_INCREMENT, people_fullname VARCHAR(255) NOT NULL, people_isactor TINYINT(1) UNSIGNED NOT NULL DEFAULT 0, people_isdirector TINYINT(1) UNSIGNED NOT NULL DEFAULT 0, PRIMARY KEY (people_id) ) ENGINE=MyISAM'; mysql_query($query, $db) or die(mysql_error($db)); echo 'Movie database successfully created!'; ?> ******************************************************************** *********************************************************************** second file to load info into DB: <?php // connect to MySQL $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); //make sure you're using the correct database mysql_select_db('moviesite', $db) or die(mysql_error($db)); // insert data into the movie table $query = 'INSERT INTO movie (movie_id, movie_name, movie_type, movie_year, movie_leadactor, movie_director) VALUES (1, "Bruce Almighty", 5, 2003, 1, 2), (2, "Office Space", 5, 1999, 5, 6), (3, "Grand Canyon", 2, 1991, 4, 3)'; mysql_query($query, $db) or die(mysql_error($db)); // insert data into the movietype table $query = 'INSERT INTO movietype (movietype_id, movietype_label) VALUES (1,"Sci Fi"), (2, "Drama"), (3, "Adventure"), (4, "War"), (5, "Comedy"), (6, "Horror"), (7, "Action"), (8, "Kids")'; mysql_query($query, $db) or die(mysql_error($db)); // insert data into the people table $query = 'INSERT INTO people (people_id, people_fullname, people_isactor, people_isdirector) VALUES (1, "Jim Carrey", 1, 0), (2, "Tom Shadyac", 0, 1), (3, "Lawrence Kasdan", 0, 1), (4, "Kevin Kline", 1, 0), (5, "Ron Livingston", 1, 0), (6, "Mike Judge", 0, 1)'; mysql_query($query, $db) or die(mysql_error($db)); echo 'Data inserted successfully!'; ?> ************************************************************** **************************************************************** MY CODE FOR THE QUESTION: <?php $db = mysql_connect('localhost', 'root', '000') or die ('Unable to connect. Check your connection parameters.'); mysql_select_db('moviesite', $db) or die(mysql_error($db)); //get our starting point for the query from the URL if (isset($_GET['offset'])) { $offset = $_GET['offset']; } else { $offset = 0; } //get the movie $query = 'SELECT movie_name, movie_year FROM movie ORDER BY movie_name LIMIT ' . $offset . ' , 1'; $result = mysql_query($query, $db) or die(mysql_error($db)); $row = mysql_fetch_assoc($result); ?> <html> <head> <title><?php echo $row['movie_name']; ?></title> </head> <body> <table border = "1"> <tr> <th>Movie Name</th> <th>Year</th> </tr><tr> <td><?php echo $row['movie_name']; ?></td> <td><?php echo $row['movie_year']; ?></td> </tr> </table> <p> <a href="page.php?offset=0">Page 1</a>, <a href="page.php?offset=1">Page 2</a>, <a href="page.php?offset=2">Page 3</a> </p> </body> </html> Is there a function to check the name of the current page? Such as login.php or something like that? If not, does anyone have a custom function already created? I wasn't sure where to post this so I apologize if this is the wrong forum. I have a php page with over 50 numerical inputs on a form. A lot of the inputs are used to get data out of the mysql database so I want to be safe from sql injection. Is it safe to use a javascript onsubmit function that will not allow the form to be submitted if there is any non numeric data entered by the user? I've already written the function & it works fine but I'm not sure how much protection it gives me. Any feedback welcome. Hi, I have to ask about profile page for each user like facebook and netlog. As u can see in netlog it is like this http://en.netlog.com/ElegantLeo and i have a site http://cyprussaver.com/merchant.php?id=64 and here each merchant profile can be viewed like this but i need to show them like this http://cyprussaver.com/rocksman please guide me what i have to do in order to achieve this result. Thanks, Hanan ALi Hi, I'm trying to build a pages for user preferences for digital tv. Each user has to login so we know which user to assign the preferences to. On the page i have a question about which genre of movies the user likes (so I have 1 table "Genre" with 10+ genres in it) So the first thing I do is display checkboxes with the genres that are in the DB. Now here are some things I don't really know: - I have a table userGenre that combines the users and the genres they've picked, so if userid 1 chooses 3 genres, it comes like this in the userGenre table ( userID: 1, genreID: 1 userID: 1, genreID: 3 userID: 1, genreID: .. I don't know if this is the best way though. - How can I display the genres they picked starting from the values in the DB? I have something now: "SELECT * FROM userGenre WHERE userID = " . $userID or something like that.. I don't know what to do next Hello Coders, Iam in a confused situation. I made a php script & in that script i want to check how much time (in seconds) the page is taking to fetch the content from the server. If the time is greater than to i defined time then i want to show a error message to the users. Anybody can give me ideas ..................... ?? I have a while loop of check box's with the SQL record id's set as there values. I want to be able to pass all the checked records to another page in single var's with the correct ID value in order to list the selected items on the on the next page. any idea's guys? Is there a way to run a check on the server to see how long it takes for the page to get built, then print it to the screen?
I tried searching for it online for a few minutes, but it wasn't able to be found. All I'm finding on there is how to optimize the pages, but I want a simple time check performed on the page loading
Whats going on PHPfreaks? So this is what I've been trying to do for the whole weekend and just can't figure it out. I want to let users create new pages on my site like wiki style but dont want a wiki or drupal or joomla or any of that. I know its possible with: $text = $_POST['text']; $file = fopen($text . ".php","x"); fwrite($file,"Welcome to your new page!"); but I'm not sure how to integrate it. For further clarification here's an example: You come to the site and there is a list of previously made user pages all with their own user generated name. What I want to have is a create new page button that opens a new page allows the user to upload images then submit it to the database and upon refresh of the page their page is now in the list. The create new page resets and is available for another user and on and on. Any help will be appreciated. I need to get this done it's driving me crazy. I have a page that has roughly 100 text input fields. Once the user is done, I need to put the data in my mysql db. How do I get the data from the user input page to the php page that will process the data (e.g. process.php)? I've done some searching and found a few possibilities use a ajax style call back to load a seperate asp page (e.g. createsession.asp) and that page set session variables that can then be read by process.php write everything to a cookie using some sort of a delimiter so that it can handle multiple variables (e.g. cookie data => var1/var2/var3/var4... write all the data to a text file and then have process.php load that file Which should I pursue? Is there a better option? <?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name="helpdesk"; // Database name $tbl_name="users"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $barcodeID=$_POST['barcode']; // To protect MySQL injection (more detail about MySQL injection) $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); $isAdmin = mysql_fetch_row($result); if ($result['Priority'] = "Admin") { header("location:AdminSection.php"); } else //do I have something missing here? { header("location:index.php"); } // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> When a user has been entered into the database with their priority set to Admin, it will no recognise it? Any help is apprectiated Thanks Some code from my pages ,
Page1 ( Redirecting page )
<html> <title>login_redirect.</title> body> <form name="redirect" action="http://mysite/page2.php" method="post"> <input type="hidden" name="mac" value="$(mac)"> </form> <script language="JavaScript"> <!-- document.redirect.submit(); //--> </script> </body> </html>Page 2 ( select product )
<?php
session_start();
ini_set('display_errors',1);
error_reporting(E_ALL);
include '../lib/config.php';
include '../lib/opendb.php';
// get user mac adres from redirect post page1
$_SESSION['macid'] = $_POST['mac'];
// set $macid for other use ( maybe not needed, am learning )
$macid = $_SESSION['macid'];
// echo $macid does show mac adress, so variable is not empty here
if (!empty($_POST["submit"]))
{
$product_choice = $_POST['accounttype'];
$query= "SELECT AccountIndex, AccountCost, AccountName FROM AccountTypes WHERE AccountIndex='$product_choice'";
$result = mysql_query($query) or die('Query failed. ' . mysql_error());
while($row = mysql_fetch_array($result))
{
$_SESSION['AccountIndex'] = $row['AccountIndex'];
$_SESSION['AccountCost'] = $row['AccountCost'];
$_SESSION['AccountName'] = $row['AccountName'];
}
header('Location: page3.php');
}
// did leave out the other/html/form stuff here
Page 3 ( show Session variables )
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_start();
print_r($_SESSION);
?>
Now, on page 3 i do see the right session varables, only the "macid" is empty.
why ?
I have a php page that is linked to in a Joomla site in a Wrapper. I want to be able to block access to a php page unless it was called by a link in the main menu. I figured I could use $_SERVER['HTTP_REFERER'] to accomplish this like so: Link from Main Menu -> top_secret.php Code: [Select] <?php //the following is placed in the header of top_secret.php web page $page1 = 'http://myweb.com/index.php?option=com_wrapper&view=wrapper&Itemid=201';//page that user must come from $menu_link = $_SERVER['HTTP_REFERER'];//page that user comes from if($page1 !== $menu_link) { header('Location: http://myweb.com/error_page.php'); } ?> Thus if some one tries to simply access the top_secret.php with out going through the joomla menu- they will be re-directed to an error page. My question to the guru's is- is this secure or can someone easily get to the top_secret.php without going through the menu. Keep in mind- that the menu the person must use is only accessible from a registered joomla user for that site. Hope that makes sense. This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=330185.0 I've started a to-do app, and everything works fine. Every user has his own unique to-do items that he can add. The only issue is that when I log-in with a user, ALL the items of all users are displayed when I'm redirect to my main page. I want to make it as so every user has his own page where only the to-do items he has created are visible, not every item from every user. I'm a total beginner with PHP so I'm sorry if this is a stupid question. This is my todomain.php code
<?php
require 'db_conn.php';
require 'config.php';
session_start();
// If the session variable is empty, this
// means the user is yet to login
// User will be sent to 'login.php' page
// to allow the user to login
if (!isset($_SESSION['id'])) {
$_SESSION['msg'] = "You have to log in first";
header('location: login.php');
}
// Logout button will destroy the session, and
// will unset the session variables
// User will be headed to 'login.php'
// after loggin out
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['id']);
header("location: login.php");
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset= "UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<link rel="stylesheet" href="css/bootstrap-grid.min.css">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="style.css">
<a href="index.php?logout='1'" style="color: black;">
Click here to Logout
</a>
<?php if (isset($_SESSION['success'])) : ?>
<div class="error success" >
<h3>
<?php
echo $_SESSION['success'];
unset($_SESSION['success']);
echo $_SESSION["username"]
?>
</h3>
</div>
<?php endif ?>
<title>TODO App</title>
<script src="https://kit.fontawesome.com/d72928d9b9.js" crossorigin="anonymous"></script>
</head>
<body>
<div class="container m-5 p-2 rounded mx-auto bg-light shadow">
<!-- App title section -->
<div class="row m-1 p-4">
<div class="col">
<div class="p-1 h1 text-primary text-center mx-auto display-inline-block">
<i class="fa fa-check bg-primary text-white rounded p-2"></i>
<u>My Todo-s</u>
</div>
</div>
</div>
<!-- Create todo section -->
<form action="app/add.php" method="POST" autocomplete="off">
<div class="row m-1 p-3">
<div class="col col-11 mx-auto">
<div class="row bg-white rounded shadow-sm p-2 add-todo-wrapper align-items-center justify-content-center">
<div class="col">
<input class="form-control form-control-lg border-0 add-todo-input bg-transparent rounded" type="text" name="title" placeholder="Add new ..">
</div>
<div class="col-auto m-0 px-2 d-flex align-items-center">
<label class="text-secondary my-2 p-0 px-1 view-opt-label due-date-label d-none">Due date not set</label>
<i class="fa fa-calendar my-2 px-1 text-primary btn due-date-button" data-toggle="tooltip" data-placement="bottom" title="Set a Due date"></i>
<i class="fa fa-calendar-times-o my-2 px-1 text-danger btn clear-due-date-button d-none" data-toggle="tooltip" data-placement="bottom" title="Clear Due date"></i>
</div>
<div class="col-auto px-0 mx-0 mr-2">
<button type="submit" class="btn btn-primary">Add</button>
</div>
</div>
</div>
</div>
</form>
<?php
$todos=$conn->query("SELECT * FROM todos ORDER BY id ASC");
?>
<div class="row mx-1 px-5 pb-3 w-80">
<div class="col mx-auto">
<?php
while($todo=$todos->fetch(PDO::FETCH_ASSOC)){ ?>
<!-- Todo Item 1 -->
<div class="row px-3 align-items-center todo-item rounded">
<?php if($todo['checked']){ ?>
<input type="checkbox" class="check-box" data-todo-id="<?php echo $todo['id'];?>" checked />
<h2 class="checked"><?php echo $todo['title'] ?> </h2>
<div class="col-auto m-1 p-0 todo-actions">
<div class="row d-flex align-items-center justify-content-end">
</div>
</div>
<?php } else{ ?>
<input type="checkbox" class="check-box" data-todo-id="<?php echo $todo['id'];?>"/>
<h2><?php echo $todo['title'] ?></h2>
<?php } ?>
<div class="col-auto m-1 p-0 d-flex align-items-center">
<h2 class="m-0 p-0">
<i class="fa fa-square-o text-primary btn m-0 p-0 d-none" data-toggle="tooltip" data-placement="bottom" title="Mark as complete"></i>
</h2>
</div>
<div class="col-auto m-1 p-0 todo-actions">
<div class="row d-flex align-items-center justify-content-end">
<h5 class="m-0 p-0 px-2">
<i class="fa fa-pencil text-info btn m-0 p-0" data-toggle="tooltip" data-placement="bottom" title="Edit todo"></i>
</h5>
<h5 class="m-0 p-0 px-2">
<i class="remove-to-do fa fa-trash-o text-danger btn m-0 p-0" data-toggle="tooltip" data-placement="bottom" title="Delete todo" id="<?php echo $todo['id']; ?>"></i>
</h5>
</div>
<div class="row todo-created-info">
<div class="col-auto d-flex align-items-center pr-2">
<i class="fa fa-info-circle my-2 px-2 text-black-50 btn" data-toggle="tooltip" data-placement="bottom" title="" data-original-title="Created date"></i>
<label class="date-label my-2 text-black-50"><?php echo $todo['date_time'] ?></label>
</div>
</div>
</div>
</div>
<?php } ?>
</div>
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js" integrity="sha384-ZMP7rVo3mIykV+2+9J3UJ46jBk0WLaUAdn689aCwoqbBJiSnjAK/l8WvCWPIPm49" crossorigin="anonymous"></script>
<script src="js/bootstrap.bundle.min.js"></script>
<script src="js/myjs.js" ></script>
<script src="js/jquery-3.3.1.min.js"></script>
<script>
$(document).ready(function(){
$(".remove-to-do").click(function(e){
const id = $(this).attr('id');
$.post('app/remove.php',
{
id: id
},
(data) => {
if(data){
$(this).parent().parent().parent().parent().hide(300);
}
}
);
});
$(".check-box").click(function(e){
const id = $(this).attr('data-todo-id');
$.post('app/checking.php',
{
id: id
},
(data) => {
if(data!='error'){
const h2= $(this).next();
if(data === '1'){
h2.removeClass('checked');
}else{
h2.addclass('checked');
}
}
}
);
});
});
</script>
</body>
</html>
|
|||||||