Unique php page

[bunglebrown]

Can anyone tell me how to make a unique php page so that when someone submits information they are directed to a unique page and therefore cannot skip that by entering the URL into the URL address bar/

like this:

http://forums.x10hosting.com/search.php?searchid=619273

 

[Salvatos]

I'm sorry but I don't understand what you mean. Your link brings me to a "Sorry - no matches. Please try some different terms." message.

 

[Ainokea]

yeah I think that what he wants I dont get why you cant just make that in html though... why does it half to be php?

 

[freecrm]

Surely the "unique" page would simply do a validation search on a database, depending on the $POST or even $SESSION variable from the previous page?? Or even just a simpler check of a specified value from these variables?

So even if you type in the correct URL, it wont carry the right variable and therefore not show correctly - as in the link you provided...

I have a few pages like this to do with new registrations on my website - otherwise, new users would be able to skip the registration procedure and gain access to the system. - I use $SESSION variables though because they are carried for the entire browser session.

Neither $POST, nor $SESSION variables appear in the URL and so cannot be manipulated (Javascript geeks - dont make this more complicated! )

 

[bunglebrown]

the URL I posted wasn't supposed to be a link but just an example of a unique URL and not a real one..

freecrm or anyone that knows - can you tell me how to create $session variables so that users cannot skip stages in a sign up process//

Ever grateful~

 

[freecrm]

the URL I posted wasn't supposed to be a link but just an example of a unique URL and not a real one..

freecrm or anyone that knows - can you tell me how to create $session variables so that users cannot skip stages in a sign up process//

Ever grateful~

My registration process contains few pages.

PAGE 1: Registration Form

First page is imple form with usual stuff - Username, Password, E-mail address etc.

On submit, the same page enters these details into the back end database but enters a value under the access level as "Unvalidated". This means that they can login but do not have access to any functions (as access level needs to be something other than unvalidated).

It also commits the $_POST variables from the form into $_SESSION variables like this:

if (isset($_POST['username'])) {
  $_SESSION['username'] = stripslashes($_POST['username']);
  }
 if (isset($_POST['password1'])) {
  $_SESSION['password'] = stripslashes($_POST['password1']);
  }

etc. for each variable.

These details are now stored in session memory and cannot be accessed directly.

The same page then redirects to step 2 which eliminates spammers.

PAGE 2: E-mail verification

To make sure that the e-mail address is valid, this page takes values from the session variables and creates an e-mail showing certain values.

More importantly, it contains a link to a verification page

www.freecrm.x10hosting.com/crmregistration/accountverify.php?memid='.$memid.'

$memid is a randomly generated, unique ID number that takes certain values to the verification page.

PAGE 3: Verification

This bit was a bit tricky to get my head round. You can't pass a password (or any personal data) in a URL (i.e. the link from the e-mail) so the 1st verification page needs to find (create recordset of) the initially inserted "unvalidated" record and check a password against it.

So, this page depends on what is in the URL and is just visually a form with one password field.

It takes the real password in the database and the password entered in the form and passes both into a session variable to page 4..

PAGE 4: Verification completion

Very simply checks real password with password in form field and if the two match, the record in the database updates with a user access level that can be used...

E-mail checked, Job done and no personal data shown!


Theres obviously quite a bit of code in here and I can't put it all in at once so let me know which bits you're interested in!

 

[bunglebrown]

wow that is pretty impressive...

So do I need to set up a mySQL database? To explain a bit further for my project - there will be 4 pages submitting different information on each, also it is not a registry so users don't require passwords - only to be sent to unique pages so that they cannot skip (as understood). As a result although I am convinced that this is the technique that I should use I'm wondering if the process will be a little more different and perhaps I don't require all of the 4 pages you mentioned. Here's some questions on them:

Let's go from stage 2

1) How is $memid randomly generated?

To make sure that the e-mail address is valid, this page takes values from the session variables and creates an e-mail showing certain values.

2) How is this achieved?

Much thanks for your thoughts on this.. very helpful honestly!

 

[mattura]

Well you can do it with one page too. just $_POST to itself, with a variable which leads to more code.

I'm not sure exactly what you are looking for still, but I think you would do well to look up PHP sessions. session_start() sends a unique cookie to the user, which is then used in subsequent pages to identify the user.

 

[freecrm]

wow that is pretty impressive...

Thanks!

So do I need to set up a mySQL database? To explain a bit further for my project - there will be 4 pages submitting different information on each, also it is not a registry so users don't require passwords - only to be sent to unique pages so that they cannot skip (as understood).

As far as I understand it, you do not have a "registry" i.e. no users.

The MySQL is purely a backend database that stores information. If you don't need to store anything for future reference, you don't need the database and php is perectly capable of operating without it.

1) How is $memid randomly generated?

Simple:

I have a function that can in the main page script or as a seperate file:

<?php
//function to create random string
 function createRandomString() {
//specify characters to be used    
$chars = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;
//specify the string length
    while ($i <= 25) {
        $num = rand() % 70;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
     }
     return $pass;
 }
 ?>

This function can then be called for any number of uses.

<?php
 // Usage
 $randomwhatever = createRandomString();
 $memid = createRandomString();
 $boguscharacterstring = createRandomString();
 ?>

2) How is this achieved?

This unfortunately does require MySQL as you have to store some values for verification - as a minimum, you need to store the e-mail address.

To ensure fully that an e-mail is valid (not just formatted correctly), you need to send an e-mail to the e-mail address supplied and allow that person to reply to it. If you don't get a response, the user has either not botheres or it was not valid.

<?php
   $email = $_POST['email'];
   $headers  = 'MIME-Version: 1.0' . "\r\n";
   $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
   $headers .= "Content-Transfer-Encoding: 7bit\r\n"; 
   $headers .= 'From: you(you@yoursite.com)' . "\r\n";
   $headers .= 'Reply-To: you@yoursite.com' . "\r\n";
   $headers .= 'Return-Path:'.$email. "\r\n";
   $headers .= 'X-Sender: '.$email. "\r\n";
   $headers .= 'X-Mailers: PHP /'.phpversion() . "\r\n";
   $subject = "E-mail address Verification";
  
   $message  = '
    <html>
  <body>
  <font size="2" face="Arial">
  <p>Thank you for .... whatever.</p>
  <p>Please click on the link below to complete your registration. </p>
    <p><a href="http://www.yoursite.com/verify.php?memid='.$memid.'"> www.yoursite.comverify.php?memid='.$memid.' </a></p>
  <p><em>
        Do not reply to this e-mail. If you have received this e-mail in error, please ignore it.
  </em></p>
  </font>
  </body>
</html>  
   ';
  
  ini_set(sendmail_from,$email);
  if (@mail('<'.$email.'>',stripslashes($subject),stripslashes($message),stripslashes($headers)))
  {
    echo ('
 <p>Verification e-mail successfully sent to '. $email . '</p>
 ');
  }
  else
  {
    echo ('
 <p>Error! The verification e-mail has failed to send to ' . $email . '. Please try again.</p>
 ');
  }

  ini_restore( sendmail_from );
?>

The verification page creates a recordset from the carried $memid (obtained by using $_GET['memid']) and using that to verify that a response has been had from the e-mail address.


Without knowing exactly what you are after, it is difficult to specify what you shoud be doing, which is why this explanation is a little obscure....

 

[mattura]

freecrm you are a Trojan! Well, that and you have far too much time on your hands!

 

[bunglebrown]

I have to agree and am really eager but am having a problem http://forums.x10hosting.com/scripts-3rd-party-apps/84205-dw-error-message.html inserting records so I can't try it all out yet.

 

[freecrm]

Thanks for the comments guys - its these remarks that provide enough incentive to do it! - well that and reps and credits lol.

 

[bunglebrown]

after testing this I can say this truly was great freecrm..

.. it works very well. Only I would like for following pages to contain the same code (throughout the process) in their urls. I did try to use the following code but it didn't work. How do I get this going?

<?php
$_GET['memid']
?>

 

[bunglebrown]

Once the unique page has been submitted with yet more information I have another form on the following page. It is here that I am trying to obtain the memid that is unique to the user - here is what I have but it's not successfully reproducing the same url on another page. Any samaritans??

<form id="form1" method="post" action="http://www.mysite/verify.php?memid=$_GET['.memid']" onsubmit="return submitcheckboxes()">

 

[AttackBunnyPro]

That won't work unless you put PHP beginning and end statements around the PHP. Try this:

<form id="form1" method="post" action="http://www.mysite/verify.php?memid=
<?php
echo $_GET['.memid'];
?>
" onsubmit="return submitcheckboxes()">

And that should work. If you want PHP to 'talk' or 'echo' to HTML, you need to use either the print or echo statement. That lets PHP know that whatever you have on that line needs to be 'echoed' or 'printed' to PHP.

 

[Salvatos]

$_GET['.memid']
Why the period?

 

[freecrm]

It's important to note that this value $memid can be carried in a number of ways from the previous page.

You can put it in a form (I would prefer hidden form field) or as part of a SQL query.

All you need to do is to call that value by using the script above.

<?php echo $_GET['memid'];?>

This purely "prints" the value but you can use it in a number of other ways.

For instance, if you want to use this value in lots of places, without having to "GET" it, you can assign it to another variable at the beginning of the script.

<?php $memid = $_GET['memid'];?>

The $_GET bit purely extracts information from the existing URL. This code above assigns that value to a seperate variable that can be used anywhere.

I know $_GET['memid'] could be put into anything but it makes life easier.

If you then wanted to pass the same variable on to the next page, you would simply "echo" or print it again in the URL.

http://www.whatever.com/nextpage.php?memid=<php echo $memid;?>

 

[bunglebrown]

These were ideal replies and as a result I have progressed on this - so thanks greatly to all..

I bring another related question forward to this thread after such a great response..

I would like to record the memid (code for unique URL) in my database along with other submitted information in order to identify the user for other information that they submit on other pages. I added the following to the top of the page from what I have already got from this thread.

<?php 
//Change these
$db = 'my_database';
$user = 'my_username';
$password = 'my_password';

if(!mysql_connect('localhost', $user, $password)) {
 exit(mysql_error());
}
if(!mysql_select_db($db)) exit(mysql_error());

/* If you don't see any error messages 
either the connection was successful or 
display errors is turned off */ 
?>

<?php
function record_information($memid, $name, $email) {

 //Sanitize input

 $name = mysql_real_escape_string($name);

 $email = mysql_real_escape_string($email);


 //Build SQL insert query

 $query = "INSERT INTO `my_table` VALUES ('$memid', '$name', '$email')";

 //to debug you may want to echo $query


 //Attempt to insert record. Return result

 return mysql_query($query);

} 
?>

I'm not sure how to sanitize the input for the memid - I did attempt to use $_GET['memid'] - but this didn't work. I added this to the bottom:

<?php

if(record_information($_POST['memid'],$_POST['name'], $_POST['email'])) {
  echo 'Message saved to DB';
}
else echo 'An SQL error occurred. Do some debugging'; 

?>

How do I input the exact memid into my database that the user receives in their emails to access the next step of the process?

 

[freecrm]

I'm not entirely sure how many pages you are using this sytem for...

The $_POST and $_GET functions only work for the page 1 and page 2. Any subsequent pages will not be able to carry this information unless it is specifically put back into the URL (which is a messy way of doing it).

As I mentioned on the first page, I am now thinking you should assign the $memid to a session variable, which stays in memory until the end (duh) of the session!

You can then call this variable on any page without having to worry about $_GET's. This also means that you can use it directly to use in your insert statement.

Just to clarify - on what page is the $memid created and wht do you do with it from there?

You say that the $_GET didn't work above which would indicate to me that it doesn't exist in the URL.

 

[bunglebrown]

Oh...shame that..

I'm using 4 pages - the $memid is created on the second page and $GET to retrieve it on the third page but I need it on the fourth as well. So can you tell me exactly how I create the session variable?

Thanks as always_