supertooper Posted September 2, 2014 Share Posted September 2, 2014 (edited) Hello! I am trying to display content that will only be displayed for 30 seconds to each visitor. I want to have a unique ID given to each user that visits my page and also add that assigned ID to the end of the URL. If the page is loaded again after 30 seconds, I want the unique user ID to redirect using header(); So When a suer visits my page, I want the end of the url to have “userid=“ like this: http://example.com/page.php?userid=0000000001 If that user comes back to the same url after 30 seconds, I want to redirect using header(); How do I do this? what is the best way? Edited September 2, 2014 by supertooper Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/ Share on other sites More sharing options...
Psycho Posted September 2, 2014 Share Posted September 2, 2014 Not sure what you are trying to achieve here. If you are trying to prevent the user from viewing content after that 30 seconds it is an impossible task. It would be very easy for someone to circumvent that if they have any clue about how the process works. But, since you asked: 1. On page load check to see if there is an expiration timestamp for that user ID in the database (we'll see how it gets there later). If no, skip to step 3 2A. If yes, AND if the current time is past the expiration, use a header() function to redirect to some other page. 2B. If Yes AND the current time is not past the expiration, display the page and set a META REFRESH tag with the number of seconds until the expiration timestamp 3. If the expiration timestamp is not set, insert/update the entry for the user setting an expiration timestamp 30 seconds in the future. Then display the content using a META REFRESH tag to redirect after 30 seconds. Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489596 Share on other sites More sharing options...
supertooper Posted September 2, 2014 Author Share Posted September 2, 2014 Not sure what you are trying to achieve here. If you are trying to prevent the user from viewing content after that 30 seconds it is an impossible task. It would be very easy for someone to circumvent that if they have any clue about how the process works. But, since you asked: 1. On page load check to see if there is an expiration timestamp for that user ID in the database (we'll see how it gets there later). If no, skip to step 3 2A. If yes, AND if the current time is past the expiration, use a header() function to redirect to some other page. 2B. If Yes AND the current time is not past the expiration, display the page and set a META REFRESH tag with the number of seconds until the expiration timestamp 3. If the expiration timestamp is not set, insert/update the entry for the user setting an expiration timestamp 30 seconds in the future. Then display the content using a META REFRESH tag to redirect after 30 seconds. A little confusing and I didn't understand the timestamp part but I'll explain how I have it setup currently and maybe that will help I have it setup like this: 1. User visits http://example.com/page-a.php - A 30 second cookie called "setcookie" is set then the user is redirected. 2. Step 1 redirects user to http://example.com/page-b.php after the cookie is set - The browser checks for "setcookie" and if the cookie is not set, redirects user to http://example.com/page-c.php I'm trying to achieve this same setup without cookies by using a unique id in the url 1. every user is given a unique id such as: http://example.com/page.php?userid=0000000001 - is this possible? It's important that the URL changes for each user 2. If the url http://example.com/page.php?userid=0000000001 has been created within 30 seconds, display the content.. if not then i want to redirect the user with header(); Is it possible this way? I'm trying to get this to work without needing a page before the http://example.com/page.php?userid=0000000001 page Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489599 Share on other sites More sharing options...
LeJack Posted September 2, 2014 Share Posted September 2, 2014 A little confusing and I didn't understand the timestamp part but I'll explain how I have it setup currently and maybe that will help I have it setup like this: 1. User visits http://example.com/page-a.php - A 30 second cookie called "setcookie" is set then the user is redirected. 2. Step 1 redirects user to http://example.com/page-b.php after the cookie is set - The browser checks for "setcookie" and if the cookie is not set, redirects user to http://example.com/page-c.php I'm trying to achieve this same setup without cookies by using a unique id in the url 1. every user is given a unique id such as: http://example.com/page.php?userid=0000000001 - is this possible? It's important that the URL changes for each user 2. If the url http://example.com/page.php?userid=0000000001 has been created within 30 seconds, display the content.. if not then i want to redirect the user with header(); Is it possible this way? I'm trying to get this to work without needing a page before the http://example.com/page.php?userid=0000000001 page Cookies are a bad idea. What makes you think the user won't just delete the cookie by right clicking > Page Info > Security > View Cookies > Delete specific cookie. Just use sessions instead of cookies because sessions works better and it's server side so the user won't see the cookies. Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489600 Share on other sites More sharing options...
Psycho Posted September 2, 2014 Share Posted September 2, 2014 (edited) @supertrooper. I gave you an answer for what you want to achieve. WHat, specifically, did you not understand? This forum is for people to get help with code they have written. I understand you didn't provide any, but there is an assumption that people coming here have some understanding of the technology. So, I'll be generous, here is some "sample" code. You still need to flesh it out though - specifically the parts I put // . . . where you need to build the DB queries to run. Also, I didn't put in any error handling in the case that a user ID does not exists. I'll leave that to you to figure out. <?php //Get uesr ID if passed $userID = isset($_GET['userid']) ? $_GET['userid'] : false; if(!$userID) { //No userid passed, redirect somewhere (Note, not valid if User ID can be '0' header("Location: somewhere.php"); exit; } //Run query to get expiration time from DB // . . . // . . . // . . . $expiration = "SET AS VALUE FROM DB OR FALSE IF NOT SET"; if($expiration!=false && $expiration <= time()) { //If expiration is past current, redirect user somewhere header("Location: somewhere.php"); exit; } if(!$expiration) { //Expiration not set, set it to 30 seconds from now and populate record in DB // . . . // . . . // . . . //Set value for page refresh $refreshSeconds = 30; } else { //Expiration is set in future //Calculate remaining seconds $refreshSeconds = $expiration - time(); } ?> <html> <head> <meta http-equiv="refresh" content="<?php echo $refreshSeconds; ?>"> </head> <body> <?php echo "Content goes here"; ?> </body> </html> Edited September 2, 2014 by Psycho Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489601 Share on other sites More sharing options...
cpd Posted September 2, 2014 Share Posted September 2, 2014 I get the impression the question asks how to display content within 30 seconds of some action as opposed to forcing a redirect after 30 seconds? Do you even need to redirect after 30 seconds? Your posts reflect both at the moment. Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489604 Share on other sites More sharing options...
supertooper Posted September 2, 2014 Author Share Posted September 2, 2014 Cookies are a bad idea. What makes you think the user won't just delete the cookie by right clicking > Page Info > Security > View Cookies > Delete specific cookie. Just use sessions instead of cookies because sessions works better and it's server side so the user won't see the cookies. LeJack I'm not worried about the cookies expiring since the cookies will expire in 30 seconds so if the user does not visit the site through a specific link, the cookie will not be set and they will be redirected to page-c.php @supertrooper. I gave you an answer for what you want to achieve. WHat, specifically, did you not understand? This forum is for people to get help with code they have written. I understand you didn't provide any, but there is an assumption that people coming here have some understanding of the technology. So, I'll be generous, here is some "sample" code. You still need to flesh it out though - specifically the parts I put // . . . where you need to build the DB queries to run. Also, I didn't put in any error handling in the case that a user ID does not exists. I'll leave that to you to figure out. <?php //Get uesr ID if passed $userID = isset($_GET['userid']) ? $_GET['userid'] : false; if(!$userID) { //No userid passed, redirect somewhere (Note, not valid if User ID can be '0' header("Location: somewhere.php"); exit; } //Run query to get expiration time from DB // . . . // . . . // . . . $expiration = "SET AS VALUE FROM DB OR FALSE IF NOT SET"; if($expiration!=false && $expiration <= time()) { //If expiration is past current, redirect user somewhere header("Location: somewhere.php"); exit; } if(!$expiration) { //Expiration not set, set it to 30 seconds from now and populate record in DB // . . . // . . . // . . . //Set value for page refresh $refreshSeconds = 30; } else { //Expiration is set in future //Calculate remaining seconds $refreshSeconds = $expiration - time(); } ?> <html> <head> <meta http-equiv="refresh" content="<?php echo $refreshSeconds; ?>"> </head> <body> <?php echo "Content goes here"; ?> </body> </html> ill test this out and see if this is what I want but im I get the impression the question asks how to display content within 30 seconds of some action as opposed to forcing a redirect after 30 seconds? Do you even need to redirect after 30 seconds? Your posts reflect both at the moment. I just want to create a URL that will expire after 30 seconds.. if the user is still on the page thats fine, but i dont want new users or even the user that visited the original page to be able to visit the same page again.. So if they do visit the page again, I want it to redirect Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489615 Share on other sites More sharing options...
LeJack Posted September 2, 2014 Share Posted September 2, 2014 LeJack I'm not worried about the cookies expiring since the cookies will expire in 30 seconds so if the user does not visit the site through a specific link, the cookie will not be set and they will be redirected to page-c.php That's not even the whole point. The whole point of you letting the person read what for 30 seconds and then forcing them not to. Here's what will happen. User 1 visits page http://www.example/page-a.php Page http://www.example/page-a.php sets a cookie for 30 seconds. Page http://www.example/page-a.php redirects to http://www.example/page-b.php User notices that the 2 pages uses cookies. Immediately goes and delete cookies. Abuses this right. Can either do a cookie injection You're basically letting the person do anything bad. Even though you might set a cookie on the front page so they get redirected after 30 seconds, you still need another set of cookies in order to remember if the cookies is set or not. In the end, you're just leading yourself to injections every where. What I suggest is use sessions because sessions are back end and you can always delete sessions at a certain time. It's not just there to be deleted after the browser is closed. You can always specify when and where the session is deleted. Sessions act just like cookies. They remember what the person does. Try this code for a second and tell me if you can delete it without knowing session_destroy() <?php session_start(); $_SESSION['example'] = "30 seconds are up"; echo $_SESSION['example']; ?> Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489653 Share on other sites More sharing options...
Psycho Posted September 2, 2014 Share Posted September 2, 2014 OK, maybe I inferred a requirement to force a redirect after 30 seconds. Even so, the logic I provided will still apply but can be simplified. As LeJack has stated, cookies are the wrong solution since they reside on the user's PC and can be edited or deleted. You need to enforce this on the server side using data that is stateless - i.e. does not change due to expiring cookies or sessions. Here is a quick revise of what I posted previously that is much simplified. This is all off-the-cuff, so I'm sure there are some loose ends to resolve <?php //Get uesr ID if passed $userID = isset($_GET['userid']) ? $_GET['userid'] : false; //Create flag for expired status, default to true $expired = true; //Run query to get expiration time from DB for selected user $userIDSql = mysqli_real_escape_string($link, $userID); $query = "SELECT expiration FROM users WHERE user_id = '$userIDSql'"; $result = mysqli_query($link, $query); $user = mysqli_fetch_assoc($link, $result); //Will return false is no record returned //Verify a record was retrieved for selected user if($user) { //If the expiration value is NULL, then user has not tried to access the page yet if($user['expiration']=='') { //Add the expiration for the user $user['expiration'] = date('Y-m-d', time()+30); $query = "UPDATE users SET expiration = '$expiration' WHERE user_id = '$userIDSql'"; $result = mysqli_query($link, $query); } //Verify expiration time is in the future if(strtotime($user['expiration']) > time()) { $expired = false; } } //If expiration is true (user not found or expiration has passed) //Redirect to some other page if($expiration) { //If expiration is past current, redirect user somewhere header("Location: somewhere.php"); exit; } // . . . continue with displaying the page ?> Quote Link to comment https://forums.phpfreaks.com/topic/290792-adding-user-id-to-url-that-redirects-after-30-seconds/#findComment-1489661 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.