6 Replies - 520 Views - Last Post: 15 May 2011 - 03:02 PM Rate Topic: -----

#1 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Sending user data across links

Posted 14 May 2011 - 02:50 PM

Hello,

I realise you can retrieve data from the $_GET function, so that user A can view user B's personalised page by going on page.php?a=userb and all of user B's stored data can be retrieved. but is there an alternative method to this, so that user A has to click on a link for user B's page and not just through URL, as this page may or may not be restricted to him? Can you set a link to send something across, such as a username or a mysql query? would $_POST work for this situation?

Is This A Good Question/Topic? 0
  • +

Replies To: Sending user data across links

#2 maniacalsounds  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 117
  • View blog
  • Posts: 472
  • Joined: 27-June 10

Re: Sending user data across links

Posted 14 May 2011 - 04:46 PM

Well, if you were wanting to protect it to certain users, it might be better to check session variables to get the page viewer's username. Aftwerwards, redirect them if they aren't an allowed user?
Was This Post Helpful? 0
  • +
  • -

#3 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10466
  • View blog
  • Posts: 38,789
  • Joined: 27-December 08

Re: Sending user data across links

Posted 14 May 2011 - 06:53 PM

While Session variables are good for storing user-specific data that shouldn't be public, you can use the urlencode function to pass parameters to the URL that you can view with the $_GET variable. This will allow you to use single PHP pages to parse the variables. For example, you can have a profiles.php page parse the URL with the $_GET superglobal to display the specified profile in the URL. Of course, always sanitize and vaidate the values in the URL, as the user has access to them.
Was This Post Helpful? 0
  • +
  • -

#4 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Re: Sending user data across links

Posted 15 May 2011 - 04:44 AM

View Postmaniacalsounds, on 15 May 2011 - 12:46 AM, said:

Well, if you were wanting to protect it to certain users, it might be better to check session variables to get the page viewer's username. Aftwerwards, redirect them if they aren't an allowed user?


I've already set that to my restricted to pages. If a user is not logged in, they get redirected away. With the problem I'm referring to, if a link to user B's page is a available to user A, then they can visit that page, otherwise they're not allowed to visit. This way, user A has to open up a list/table of users, and find user B's page through there (why I need this is too long to explain). User A might cheat and simply type in his browser URL with userpage.php?a=userb to jump straight there without bringing up the list of users i've provided.

View Postmacosxnerd101, on 15 May 2011 - 02:53 AM, said:

For example, you can have a profiles.php page parse the URL with the $_GET superglobal to display the specified profile in the URL. Of course, always sanitize and vaidate the values in the URL, as the user has access to them.


The user will still be able to see the URL and then use it again, wouldn't they?
Was This Post Helpful? 0
  • +
  • -

#5 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 946
  • View blog
  • Posts: 2,355
  • Joined: 15-February 11

Re: Sending user data across links

Posted 15 May 2011 - 10:47 AM

A dirty solution is you set a SESSION and cookie variable on one page like a random key or something which is needed on the 2nd page. That way you'll need the credentials from one page to visit the other.

Example
<?php
//page1
session_start();
$key = createRandomKey(); //of course you gotta make this function
setcookie('pagecred', $key);
$_SESSION['key'] = $key;
?>



<?php
//page2
session_start();
if($_SESSION['key'] != $_COOKIE['pagecred'])
	header("location: otherpage.php");
//rest of page
?>



//all other pages should have this
session_start();
if(isset($_SESSION['key']))
	unset($_SESSION['key']);
//if the user goes to any other page then they can't access page2 without going back to page1



It's a small solution I just thought up which will need some tuning up but it's something to build on.
Was This Post Helpful? 2
  • +
  • -

#6 macosxnerd101  Icon User is online

  • Self-Trained Economist
  • member icon




Reputation: 10466
  • View blog
  • Posts: 38,789
  • Joined: 27-December 08

Re: Sending user data across links

Posted 15 May 2011 - 11:29 AM

Quote

I've already set that to my restricted to pages. If a user is not logged in, they get redirected away. With the problem I'm referring to, if a link to user B's page is a available to user A, then they can visit that page, otherwise they're not allowed to visit. This way, user A has to open up a list/table of users, and find user B's page through there (why I need this is too long to explain). User A might cheat and simply type in his browser URL with userpage.php?a=userb to jump straight there without bringing up the list of users i've provided.

Clicking a link vs. typing the data into the URL doesn't really make a difference if you validate that the user has permission. So the PHP page should do validation first. If the user has permission, dispaly the page. Otherwise, don't.
Was This Post Helpful? 0
  • +
  • -

#7 Sayid Ahmed  Icon User is offline

  • D.I.C Head

Reputation: 11
  • View blog
  • Posts: 156
  • Joined: 20-August 08

Re: Sending user data across links

Posted 15 May 2011 - 03:02 PM

View Postcodeprada, on 15 May 2011 - 06:47 PM, said:

It's a small solution I just thought up which will need some tuning up but it's something to build on.


I see what you're doing here, I'll try to work round that. Thanks a lot
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1