
protecting web site, strategy help


sasori


Hi,

 

I was asked to create an app wherein the user may enter the email addresses of people manually, and it auto-generates a random key.

Now this key will be used to access pages such as, e.g.

proposal.test.com/ppc
proposal.test.com/seo
proposal.test.com/design

So using the key, for example => Sa22asdf

it should appear like this

proposal.test.com/ppc/Sa22asdf
proposal.test.com/seo/Sa22asdf
proposal.test.com/design/Sa22asdf

Without the unique key generated during the input of the email address, the URLs mentioned shouldn't be accessed by anyone.

Now my question is, how to approach this thing in PHP?

I have done the input for email addresses and the generation of random keys, but I don't know yet what to do or how to do the securing of pages using those keys? :confused:


If you wanna be sure they put in an email and that's the correct link, you could just add the key to $_SESSION and compare it.  I don't know if I fully understand though, because no matter what email they entered, they would be able to view the page, unless you have email validation.  Also, if you want to save it past their session, you'd want to use SQL.


OK, let me explain how the system works.

The app that I created is at, e.g.

proposals.test.com/admin/

- this app is solely made for one person only, because he wanted to input email addresses of people manually by himself
- this app currently allows him to log in as admin and input email addresses; once an email address is input and the form is submitted, a randomly generated key is also saved together with that email address.

Now, those URLs that I mentioned in my first post:
how will I approach the access of those pages?
How to check if the user has an existing and matching key in the database?
Because each unknown end user can just type the URL into the browser bar, e.g.

proposals.test.com/seo/blahblah  <-- what if blahblah doesn't exist in db? he'll be able to see the page.

So what to do now?


Since we have yet to see any of your code, here is some logic to consider...

 

page 1 -
  form used to login - username / password
  form posts to page 2

page 2 -
  start sessions
  check to see that form was submitted - if not - back to page 1
  cleanse form data - if bad - back to page 1
  check database to see if form data has a match
  if not - back to page 1
  if yes - set session variable
  direct to first secure page

pages 3 thru *** (all secure pages)
  start sessions
  validate session variable
  if bad - redirect to page 1
  if good - display content

 

 


The 3 sample URLs that I gave aren't meant to be connected to the app that I created; they were meant to be distributed to people manually. Let's say I'm the owner of the app that was built: I input email addresses, and if I want to send something to one of the email addresses, I'll get, e.g., proposal.test.com/seo, append the key to this URL and send it by email.

 

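Added example, not part of the original thread or any poster's code: one way to check the key at the end of URLs like proposal.test.com/seo/Sa22asdf against the database before a page is shown, returning 404 for a key such as "blahblah" that was never issued. The `recipients` table, its columns, the function names and the 32-hex-character key format are assumptions, as is a server setup that routes /seo/<key> to the page script; the demo at the bottom needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Assumed schema: recipients(email, key_hash). Only a SHA-256 hash of each key is stored.

/** Create a key for one email address and return it for the admin to append to a URL. */
function issueKey(PDO $db, string $email): string
{
    $key = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG, 32 hex chars
    $stmt = $db->prepare('INSERT INTO recipients (email, key_hash) VALUES (?, ?)');
    $stmt->execute([$email, hash('sha256', $key)]);
    return $key;
}

/** Return the recipient's email if the last path segment is a known key, else null. */
function recipientForPath(PDO $db, string $path): ?string
{
    $key = basename(rtrim($path, '/'));
    if (!preg_match('/\A[0-9a-f]{32}\z/', $key)) {
        return null; // wrong shape: reject without touching the database
    }
    $stmt = $db->prepare('SELECT email FROM recipients WHERE key_hash = ?');
    $stmt->execute([hash('sha256', $key)]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : (string) $email;
}

/** Call at the top of every protected page; stops the request if the key is unknown. */
function requireKey(PDO $db): string
{
    $path = (string) parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
    $email = recipientForPath($db, $path);
    if ($email === null) {
        http_response_code(404);
        exit('Not found');
    }
    header('Referrer-Policy: no-referrer'); // keep the key out of Referer headers
    return $email;
}

// Constructed demo data, run from the command line with an in-memory SQLite database.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE recipients (email TEXT, key_hash TEXT UNIQUE)');
    $key = issueKey($db, 'client@example.com');
    var_dump(recipientForPath($db, "/seo/$key"));     // key that was issued
    var_dump(recipientForPath($db, '/seo/blahblah')); // key that was never issued
}
```

Each protected page would call `requireKey($db)` before producing any output, with `$db` connected to the same database the admin app writes to.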
