x10 Sophmore
Unique php page
Can anyone tell me how to make a unique php page so that when someone submits information they are directed to a unique page and therefore cannot skip that by entering the URL into the URL address bar/
like this:
http://forums.x10hosting.com/search.php?searchid=619273
x10 Lieutenant
I'm sorry but I don't understand what you mean. Your link brings me to a "Sorry - no matches. Please try some different terms." message.
x10 Sophmore
yeah I think that what he wants I dont get why you cant just make that in html though... why does it half to be php?
x10 Elder
Surely the "unique" page would simply do a validation search on a database, depending on the $POST or even $SESSION variable from the previous page?? Or even just a simpler check of a specified value from these variables?
So even if you type in the correct URL, it wont carry the right variable and therefore not show correctly - as in the link you provided...
I have a few pages like this to do with new registrations on my website - otherwise, new users would be able to skip the registration procedure and gain access to the system. - I use $SESSION variables though because they are carried for the entire browser session.
Neither $POST, nor $SESSION variables appear in the URL and so cannot be manipulated (Javascript geeks - dont make this more complicated!)
x10 Sophmore
the URL I posted wasn't supposed to be a link but just an example of a unique URL and not a real one..
freecrm or anyone that knows - can you tell me how to create $session variables so that users cannot skip stages in a sign up process//
Ever grateful~
x10 Elder
My registration process contains few pages.Originally Posted by bunglebrown
PAGE 1: Registration Form
First page is imple form with usual stuff - Username, Password, E-mail address etc.
On submit, the same page enters these details into the back end database but enters a value under the access level as "Unvalidated". This means that they can login but do not have access to any functions (as access level needs to be something other than unvalidated).
It also commits the $_POST variables from the form into $_SESSION variables like this:
etc. for each variable.PHP Code:if (isset($_POST['username'])) {
$_SESSION['username'] = stripslashes($_POST['username']);
}
if (isset($_POST['password1'])) {
$_SESSION['password'] = stripslashes($_POST['password1']);
}
These details are now stored in session memory and cannot be accessed directly.
The same page then redirects to step 2 which eliminates spammers.
PAGE 2: E-mail verification
To make sure that the e-mail address is valid, this page takes values from the session variables and creates an e-mail showing certain values.
More importantly, it contains a link to a verification page
$memid is a randomly generated, unique ID number that takes certain values to the verification page.PHP Code:www.freecrm.x10hosting.com/crmregistration/accountverify.php?memid='.$memid.'
PAGE 3: Verification
This bit was a bit tricky to get my head round. You can't pass a password (or any personal data) in a URL (i.e. the link from the e-mail) so the 1st verification page needs to find (create recordset of) the initially inserted "unvalidated" record and check a password against it.
So, this page depends on what is in the URL and is just visually a form with one password field.
It takes the real password in the database and the password entered in the form and passes both into a session variable to page 4..
PAGE 4: Verification completion
Very simply checks real password with password in form field and if the two match, the record in the database updates with a user access level that can be used...
E-mail checked, Job done and no personal data shown!
Theres obviously quite a bit of code in here and I can't put it all in at once so let me know which bits you're interested in!
x10 Sophmore
wow that is pretty impressive...
So do I need to set up a mySQL database? To explain a bit further for my project - there will be 4 pages submitting different information on each, also it is not a registry so users don't require passwords - only to be sent to unique pages so that they cannot skip (as understood). As a result although I am convinced that this is the technique that I should use I'm wondering if the process will be a little more different and perhaps I don't require all of the 4 pages you mentioned. Here's some questions on them:
Let's go from stage 2
1) How is $memid randomly generated?
2) How is this achieved?To make sure that the e-mail address is valid, this page takes values from the session variables and creates an e-mail showing certain values.
Much thanks for your thoughts on this.. very helpful honestly!
x10 Elder
Well you can do it with one page too. just $_POST to itself, with a variable which leads to more code.
I'm not sure exactly what you are looking for still, but I think you would do well to look up PHP sessions. session_start() sends a unique cookie to the user, which is then used in subsequent pages to identify the user.
x10 Elder
Thanks!
As far as I understand it, you do not have a "registry" i.e. no users.
The MySQL is purely a backend database that stores information. If you don't need to store anything for future reference, you don't need the database and php is perectly capable of operating without it.
Simple:
I have a function that can in the main page script or as a seperate file:
This function can then be called for any number of uses.PHP Code:<?php
//function to create random string
function createRandomString() {
//specify characters to be used
$chars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
//specify the string length
while ($i <= 25) {
$num = rand() % 70;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
?>
PHP Code:<?php
// Usage
$randomwhatever = createRandomString();
$memid = createRandomString();
$boguscharacterstring = createRandomString();
?>This unfortunately does require MySQL as you have to store some values for verification - as a minimum, you need to store the e-mail address.
To ensure fully that an e-mail is valid (not just formatted correctly), you need to send an e-mail to the e-mail address supplied and allow that person to reply to it. If you don't get a response, the user has either not botheres or it was not valid.
The verification page creates a recordset from the carried $memid (obtained by using $_GET['memid']) and using that to verify that a response has been had from the e-mail address.PHP Code:<?php
$email = $_POST['email'];
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "Content-Transfer-Encoding: 7bit\r\n";
$headers .= 'From: you(you@yoursite.com)' . "\r\n";
$headers .= 'Reply-To: you@yoursite.com' . "\r\n";
$headers .= 'Return-Path:'.$email. "\r\n";
$headers .= 'X-Sender: '.$email. "\r\n";
$headers .= 'X-Mailers: PHP /'.phpversion() . "\r\n";
$subject = "E-mail address Verification";
$message = '
<html>
<body>
<font size="2" face="Arial">
<p>Thank you for .... whatever.</p>
<p>Please click on the link below to complete your registration. </p>
<p><a href="http://www.yoursite.com/verify.php?memid='.$memid.'"> www.yoursite.comverify.php?memid='.$memid.' </a></p>
<p><em>
Do not reply to this e-mail. If you have received this e-mail in error, please ignore it.
</em></p>
</font>
</body>
</html>
';
ini_set(sendmail_from,$email);
if (@mail('<'.$email.'>',stripslashes($subject),stripslashes($message),stripslashes($headers)))
{
echo ('
<p>Verification e-mail successfully sent to '. $email . '</p>
');
}
else
{
echo ('
<p>Error! The verification e-mail has failed to send to ' . $email . '. Please try again.</p>
');
}
ini_restore( sendmail_from );
?>
Without knowing exactly what you are after, it is difficult to specify what you shoud be doing, which is why this explanation is a little obscure....
x10 Elder
freecrm you are a Trojan! Well, that and you have far too much time on your hands!
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
