Unique php page

[freecrm]

Oh...shame that..

I'm using 4 pages - the $memid is created on the second page and $GET to retrieve it on the third page but I need it on the fourth as well. So can you tell me exactly how I create the session variable?

Thanks as always_

No problem.. simple.

When you've created your random $memid on the 2nd page, just below it, put

  $_SESSION['memid'] = $memid;

This session variable is now set for every page the browser visits until he closes the browser. In other words, you no longer have to send it in the URL so the links you are using from page 2 to 3 can be set to the standard lin without the ?memid=<?php echo etc. etc.

On the 3rd and fourth page, instead of using

$_GET['memid']

use

$_SESSION['memid']

Both will pull the variable from session memory.
Edit:
Just remembered..

You need to make sure you have the session started.

Just put

session_start();

at the very top of the page.

 

[bunglebrown]

This is great - I didn't get it to work on the next pages' URL but at least I know that you know what you're talking about it... and it was inserted into the database so pleased there. A little fiddling and it will be fine I'm sure in the URLS. I put this into the form action - literally replacing the $_GET['memid'] as you suggested.

action="http://www.mywebsite.php?memid=<?php echo $_SESSION['memid'];?>"

Also I put this at the top of the page as you instructed.

<?php 
session_start();  
?>

not forgetting the:

<?php
 // Usage
 $randomwhatever = createRandomString();
 $memid = createRandomString();
 $boguscharacterstring = createRandomString();
 $_SESSION['memid'] = $memid;
?>

on the page that created the random $memid on the 2nd page as you said

Is this right? . . just not getting the code in the URL... thanks like never before

 

[freecrm]

action="http://www.mywebsite.php?memid=<?php echo $_SESSION['memid'];?>"

You don't need this now, provided you've assigned the memid to session.

This will now just be

action="http://www.mywebsite.php"

not forgetting the:

<?php
 // Usage
 $randomwhatever = createRandomString();
 $memid = createRandomString();
 $boguscharacterstring = createRandomString();
 $_SESSION['memid'] = $memid;
?>

on the page that created the random $memid on the 2nd page as you said

Is this right?

Sort of...
If its only the $memid you need to generate, you can delete the $randomwhatever line and the $boguscharacterstring line.

. . just not getting the code in the URL... thanks like never before

You won't do. The $memid variable is saved to session memory and is not passed by URL anymore. You can still call it nonetheless.

 

[bunglebrown]

thanks

You won't do. The $memid variable is saved to session memory and is not passed by URL anymore. You can still call it nonetheless.

so how do I call the $memid in the URL in each step process as it's only http://www.mywebsite.php currently?

 

[freecrm]

thanks



so how do I call the $memid in the URL in each step process as it's only http://www.mywebsite.php currently?

You don't call it from the URL any more.

To clarify the difference between the two methods:

1) URL's: The variable (i.e. $memid) is sent from page 1 to page 2 by putting the variable into the URL (extension at the end of the URL .php?memid=<?php echo $memid;?>) This value then has to be extracted from the URL in page 2 by using the $_GET function. If you wanted to go to a third or fourth page, you would have to re-create the whole process for each page.

2) Sessions: The variable (i.e. $memid) is saved to session memory on page 1. On page 2, you simply call that value from memory, rather than from the URL. Similarly, you can call this value from session memory on any page (page 47 if you wanted). The value will still be there provided the session continues.

So for example, if previously you were using the $_GET['memid'] method to call your variable values from the URL, you now use $_SESSION['memid'] which provides exactly the same value, only it doesn't need anything in the URL to extract from.

Am I getting any clearer?

 

[bunglebrown]

So for example, if previously you were using the $_GET['memid'] method to call your variable values from the URL, you now use $_SESSION['memid'] which provides exactly the same value, only it doesn't need anything in the URL to extract from.

so are you telling me that it isn't seen in the URL? Because I replaced the $_GET['memid'] with $_SESSION['memid'] as you can see in my previous post and it didn't show up in the next pages' URL as I wish.

 

[freecrm]

so are you telling me that it isn't seen in the URL? Because I replaced the $_GET['memid'] with $_SESSION['memid'] as you can see in my previous post and it didn't show up in the next pages' URL as I wish.

Correct!

 

[bunglebrown]

so anyone can access these pages - I thought the point of unique URLS was so that they could not be accessed unless previous stages had been completed. Can we do this?

 

[freecrm]

so anyone can access these pages - I thought the point of unique URLS was so that they could not be accessed unless previous stages had been completed. Can we do this?

You're missing the point.

A "Session" is unique to the visitor even though you can't see it.

When the previous stage has been completed by an individual and the random character string is saved to session memory, no-one else can access it.

In other words, when the $memid is created, it remains unique to that person.

When I said "in memory", I didn't mean memory for anyone to access!

Login scripts commonly use session variables to control user authentication.

 

[bunglebrown]

no - I do get it, but if for example I have an upload section where users can upload images then anyone can access that page by simply entering the URL into the address bar and upload to my server. That's what I mean - I want to make it only accessible if they complete previous stages in the process. Do you know what I mean? Maybe I need to do something different for this. Thanks..

 

[freecrm]

no - I do get it, but if for example I have an upload section where users can upload images then anyone can access that page by simply entering the URL into the address bar and upload to my server. That's what I mean - I want to make it only accessible if they complete previous stages in the process. Do you know what I mean? Maybe I need to do something different for this. Thanks..

Now I'm with you!!!

I still think you should use sessions as this will allow you to use as many "steps" as you want.

However, when preparing the final link to the page, you need to extract the $memid from session memory and insert this as part of the URL that you are saving.

e.g.

<?php
$memid = $_SESSION['memid']; //extract the value from session
$urllink = "http://yoursite/uploadedimages/".$memid.".php"; // this adds the basic URL with the unique id.
echo $urllink; //this will show what the final link is.
?>

You then use the $urllink to insert to db.

 

[bunglebrown]

Will that code that you put last post put it into the url? 'cos it doesn't work when I try. If not, how do I?

I'm going to keep the db as it was - with just the $memid code. I hope this won't make a difference.

thanks & regards

 

[xav0989]

For my guess, I'd say that the best way to get around this problem is to read a couple of global php tutorials, and some registration/session php tutorial, and modify them.

 

[cursedpsp]

what you would want to do is use a while statement, a text file and some writing.

 

[freecrm]

Will that code that you put last post put it into the url? 'cos it doesn't work when I try. If not, how do I?

I'm going to keep the db as it was - with just the $memid code. I hope this won't make a difference.

thanks & regards

Well it depends on how you are using this character string.

Could you explain the whole process in detail and I can try to help from there.

i.e. - page 1 and what it does.

page 2

etc...

You say that you're using the $memid random string to form a URL link but how is this being done?

In order for this to be done, you need to show content based on the variable in the URL.

If this is the case, the code should have been.

<?php
$memid = $_SESSION['memid']; //extract the value from session
$urllink = "http://yoursite/linkpage.php?memid=".$memid ; // this produces the URL to a page with the unique id embedded.
echo $urllink; //this will show what the final link is but doesn't do anything else.
?>

 

[bunglebrown]

Page 1 - user enters personal details = working

Page 2 - random $memid is created and sent to users address (inputted on page 1) and $memid is saved to db. $_SESSION is also created = all working

Page 3 - user accesses the page through the automated email and can there select some checkboxes which I wish to be saved to the same db table as the info entered on page 1 = not currently working

Page 4 - user uploads an image to the server = not working

You say that you're using the $memid random string to form a URL link but how is this being done?

If this is the case, the code should have been.
FreeCRM - your post of 10-23-08 led me to believe that I could have the $memid in the url as I did with the $_GET beforehand, however with more than just the following page (as with the $_SESSION). I therefore tried to use this code in doing so.

As you know I'm trying to limit access to these unique pages so that users must complete the process step by step to reach them. Am I right in thinking that the $_SESSION does that? But I am using the $_SESSION and it doesn't input into the database so I have kept that as $memid. Also as yet I have been able to access all of the pages by simply putting the URL in the address bar which means that they are not unique. I have followed the steps you have guided me through and now think you understand what I want and what I have but if not I can explain more. Thanks for the help_

 

[freecrm]

OK

Check list:

1) On page 2, is the $memid structured as part of the URL link back to page 3? In other words, when you view Page 3 from the e-mailed link, does the address bar include something like

http://www.yoursite.com/page3.php?memid=drRE3-iisd

2) On page 3, you need to create a recordset based on the $memid in the URL so that you are accessing the same record that was created originally. This recordset should also contain the unique ID.

[SQL] SELECT * FROM TABLE WHERE MEMBERSHIPID LIKE $_SESSION['memid']
[/SQL]

(Not sure if you can put session variables directly into SQL statements - if not, you'll have to allocate the memid as a normal variable first before putting it in to the SQL.)

Put the unique id from that recordset in your form (hidden field). The default value for this field would be something like

<?php echo $row_recordset['uniqueid']; ?>

The sql statement to save the checkbox options is just an update, not an insert.

The Update will find the unique id placed in the hidden field and update that record accordingly.

I suggest you get this step working correctly first.

3) uploading images is not my speciality and I recommend you set up a new thread for this.

 

[bunglebrown]

1) On page 2, is the $memid structured as part of the URL link back to page 3? In other words, when you view Page 3 from the e-mailed link, does the address bar include something like

Code:
http://www.yoursite.com/page3.php?memid=drRE3-iisd

No - it doesn't

2) On page 3, you need to create a recordset based on the $memid in the URL so that you are accessing the same record that was created originally. This recordset should also contain the unique ID.

This is my attempt:

$query_rsdef2 = sprintf("SELECT search_memid, ad_application FROM `bungle_MFPOI` WHERE search_memid = %s", GetSQLValueString($colname_rsdef2, "text"));
$query_limit_rsdef2 = sprintf("%s LIMIT %d, %d", $query_rsdef2, $startRow_rsdef2, $maxRows_rsdef2);
$rsdef2 = mysql_query($query_limit_rsdef2, $ad_application) or die(mysql_error());
$row_rsdef2 = mysql_fetch_assoc($rsdef2);

It's returning this though:

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in

$rsdef2 = mysql_query($query_limit_rsdef2, $ad_application) or die(mysql_error());

Then I put this into the form action:

action="http://www.webvertising4free.com/MFPOI/indexMFPOI1applynowS2brecovery.php?memid=<?php echo $row_recordset['memid']; ?>"

I must confess to not knowing why I need a unique ID when I have the $memid. Thanks for all/

 

[freecrm]

No - it doesn't

The I suggest you refer to my post 2.10 which details how to do this in the e-mail link.

Any resultant Recordset won't work unless this variable is passed on because it doesn't have anything to look for.

I would suggest that you temporarily echo the $memid on page 3 to make sure it is pulling through.

<?php echo $_GET['memid'];?>

The unique id is critical.

Althought the chances of getting a repeat $memid are extremely small, there is a very small chance, whereas a unique id will not repeat.

Alternatively, you can set the DB structure so that the search_memid field is unique (rather than having a seperate field). This however may present some problems on page 2, so I suggest you create a seperate uniqueid field (int(10) autoincrement) and use that as the identifier.

I hear you ask "why not just use the uniqueid instead of the randomly created $memid?"

Well, it would be veru easy to guess the uniqueid as they run consequetively 0,1,2,3 etc. so if you use this in your URL, anyone could easy access it.

 

[bunglebrown]

1) On page 2, is the $memid structured as part of the URL link back to page 3? In other words, when you view Page 3 from the e-mailed link, does the address bar include something like

Code:
http://www.yoursite.com/page3.php?memid=drRE3-iisd

sorry - misunderstood - this is working yes. I also realised that as you suggested page 3 does contain the $memid using $SESSION as long as the user doesn't close the browser window or press 'back', etc.

So I have the db set up with unique id and memid as you directed as well as the other columns. I might be going around in circles here but how do you suggest that I insert user data inserted on page 3 into the same table as page 2 so that all the info for the same user is in the same table row?

Also currently I can still enter http://www.yoursite.com/page3.php and access the page without the need for a code - I need to make it unaccessible to those who don't follow the process and am still unsure how to do this.

_many thanks

just noticed the last part of this sentence:

Alternatively, you can set the DB structure so that the search_memid field is unique (rather than having a seperate field). This however may present some problems on page 2, so I suggest you create a seperate uniqueid field (int(10) autoincrement) and use that as the identifier.

So how exactly could I use it as the identifier?