Jump to content

passing variables through link

chiefrokka

By chiefrokka
in PHP Coding Help

 Share

Recommended Posts

chiefrokka Member

chiefrokka

Posted
Posted

ok, I need to keep passing "LeagueID" to every page.  I know how to pass variables through post and get but isn't passing it through web address ?LeagueID=".$LeagueID." a very bad thing because someone can just change the address to a different league and the code would be trying to alter that League settings? 

 

I could use Post but some pages don't have forms and it just has a graphical image to click "Continue" so I can't really send a hidden or post variable right?  whats the best solution to send LeagueID to everypage?  I guess I could use Session or cookie maybe?

Link to comment
https://forums.phpfreaks.com/topic/89950-passing-variables-through-link/
Share on other sites
chiefrokka Member

chiefrokka

Posted
  • Author
Posted

ok I'll use a session I guess.  now I haven't gotten into cookies yet but I plan to set one when someone logs in I will set a cookie and I'm gathering I can put the LeagueID in that cookie and retrieve it on every page I need it right? 

 

thanks

aebstract Advanced Member

aebstract

Posted
Posted

Yeah you can, I recommend using sessions for logins, though its whatever preference you have I suppose. I have only heard that sessions are more secure and solid to work with. That and some people block cookies, though I'm not sure if it would override that or not, that may be an issue to.

laffin Newbie

laffin

Posted
Posted

This is true, because session information isnt stored on the users machine, as cookies are (again users can change cookies, thus defeating the purpose of moving away from GET to cookies for security).

 

Sessions are stored either file based (decided by the server) or in a db.

 

So 2 options are storing user info in Sessions or DB

chiefrokka Member

chiefrokka

Posted
  • Author
Posted

ok, I have all my login info set up with Sessions and I pass LeagueID to all the setup pages.  the only thing now I gotta figure out is cookies since I want a user to only have to sign in once and have option to stay logged in for like 2 or 3 days so I can't use Sessions for that but have to rely on cookies I guess to store their name,pass,LeagueID.

 

sessions are nice and easy to pass variables though.  thanks

laffin Newbie

laffin

Posted
Posted

Yes U Can

Sessions already does this for u.

It stores a cookie with the session id on the users pc.

 

Question is in validating that session to that user.

so the id can be stored in a session as well

 

so now ya need a validation cookie.

 

a simple way, is if the user id is stored in the session.

 

use a md5 of the user id and the league id

 

$vc = md5($userID . $LeageID)

 

now looking at the setcookie function

 

bool setcookie  ( string $name  [, string $value  [, int $expire  [, string $path  [, string $domain  [, bool $secure  [, bool $httponly  ]]]]]] )

 

we want the cookie to expire after 1 day

so we add in our expiration period

$expires=time()+(60*60*24);  // 1 Day added from today multiply by num of days needeed

 

after the user logs in and is verified, ya set the cookies and session info

function session_setinfo($userID,$leagueID)
{
  $expires=time()+(60*60*24);  // 1 Day added from today multiply by num of days needeed
  $vc = md5($userID . $LeageID);
  setcookie('vc',$vc,$expires);
  $_SESSION['userid']=$userID;
  $_SESSION['leagueid']=$leagueID
}


during other pages we want to validate the user
[code]
function session_defaults()
{
  setcookie('vc','');
  $_SESSION['userid']='';
  $_SESSION['leagueid']='';
}
if(isset($_COOKIE['vc']) {
  if(isset($_SESSION['userid'] && isset($_SESSION['leagueid']) {
    if(md5($_SESSION['userid'] . $_SESSION['leagueid']) == $_COOKIE['vc']) {
       
if(isset($_SESSION['userid'] && isset($_SESSION['leagueid']) && isset($_COOKIE['vc']))
{
   if(md5($_SESSION['userid'] . $_SESSION['leagueid']) == $_COOKIE['vc']) {
   {
     $expires=time()+(60*60*24);  // 1 Day added from today multiply by num of days needeed
     setcookie('vc',$_COOKIE['vc'],$expires);
  } else {
     session_defaults(); // invalid session/cookie response, reset session/cookie info
  }
} else session_defaults(); // no session/cookie response, reset session/cookie info

 

Code is just off the top of my head, expect bugs :)

 

[/code]

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.