Self containment

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jidospod
Forum Commoner
Posts: 33
Joined: Tue Jun 11, 2002 1:05 am

Self containment

Post by jidospod »

Hey guys.

Right now my entire script is in one file (yes dont ask we've been through this before hehe) When I submit information in a form i have it returning with a var like ?id=apply or such.

How can I contain this so that the user is never shown where its going? There must be a way. I just dont want people to be able to bookmark certain sections.

No matter where they are I want to have it displayed like "file.php" in the Address bar. Hope this makes some sense.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

method="post" won't show up in the status/address-bar

but taking a look in the 'source-view' this is no real protection
jidospod
Forum Commoner
Posts: 33
Joined: Tue Jun 11, 2002 1:05 am

Post by jidospod »

volka wrote:method="post" won't show up in the status/address-bar

but taking a look in the 'source-view' this is no real protection
Im just wondering if there is a nice way to self contain. For example say I post to $PHP_SELF (I know I mistyped.. its early). And I pass a variable such as 2, which isnt added to the url, then once it loops back to post it, I should be able to parse the option # whatever it is and send the user to the appropriate function.

Now my problem is this, I've tried unsuccessfully to actually make this work, although Im almost certain that it would. Does anyone have a small example of how I would implement such a thing?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

if your page is displayed in a frame the address isn't shown in the top-addressbar (but right-click->properties reveals it anyway)

replace window.status in onMouseOver() - this will override the url-display - or use a <button onClick="changeURL(....)"> and use a script-Funktion to change the document's href/url

You can do a thousand things more - but all this wouldn't hide it 100%.
jidospod
Forum Commoner
Posts: 33
Joined: Tue Jun 11, 2002 1:05 am

Post by jidospod »

No Im not worried about "hiding" the url so to speak.

I am worried about people bookmarking certain sections of it. I will be using sessioning and cookies, both expire after browser close or user logout, I just dont want ppl to be able to bookmark http://www.mysite.com/bleh.php?id=submit-news

So I want to somehow self contain this.
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

It sounds like you just want to use post instead of get. That will stop bookmarking,etc. It also keeps the url "pretty" and unmangled.

One of your followup posts was confusing about why post wasn't good for you, can you clarify?

The only things you should need to change are
<form method="GET" to "POST" and any HTTP_GET_VARS to HTTP_POST_VARS (_GET to _POST, if using the superglobals)
User avatar
9902468
Forum Commoner
Posts: 89
Joined: Thu Jun 06, 2002 6:39 am
Location: Europe

Post by 9902468 »

So what's the problem? If u want that a user is able to bookmark use GET and if you don't want use POST && session variables. (Like many have suggested) Also if you check that variables are coming from $_POST users won't be able to just guess the param names in url. Are we missing something now, or is it you? Or do you have problem in logic: do some variables have different maning after a certain flag is set or something like that?

-9902468
Post Reply