Page 1 of 1

Self containment

Posted: Wed Aug 28, 2002 10:13 am
by jidospod
Hey guys.

Right now my entire script is in one file (yes dont ask we've been through this before hehe) When I submit information in a form i have it returning with a var like ?id=apply or such.

How can I contain this so that the user is never shown where its going? There must be a way. I just dont want people to be able to bookmark certain sections.

No matter where they are I want to have it displayed like "file.php" in the Address bar. Hope this makes some sense.

Posted: Wed Aug 28, 2002 10:17 am
by volka
method="post" won't show up in the status/address-bar

but taking a look in the 'source-view' this is no real protection

Posted: Wed Aug 28, 2002 10:26 am
by jidospod
volka wrote:method="post" won't show up in the status/address-bar

but taking a look in the 'source-view' this is no real protection
Im just wondering if there is a nice way to self contain. For example say I post to $PHP_SELF (I know I mistyped.. its early). And I pass a variable such as 2, which isnt added to the url, then once it loops back to post it, I should be able to parse the option # whatever it is and send the user to the appropriate function.

Now my problem is this, I've tried unsuccessfully to actually make this work, although Im almost certain that it would. Does anyone have a small example of how I would implement such a thing?

Posted: Wed Aug 28, 2002 10:36 am
by volka
if your page is displayed in a frame the address isn't shown in the top-addressbar (but right-click->properties reveals it anyway)

replace window.status in onMouseOver() - this will override the url-display - or use a <button onClick="changeURL(....)"> and use a script-Funktion to change the document's href/url

You can do a thousand things more - but all this wouldn't hide it 100%.

Posted: Wed Aug 28, 2002 11:46 am
by jidospod
No Im not worried about "hiding" the url so to speak.

I am worried about people bookmarking certain sections of it. I will be using sessioning and cookies, both expire after browser close or user logout, I just dont want ppl to be able to bookmark http://www.mysite.com/bleh.php?id=submit-news

So I want to somehow self contain this.

Posted: Wed Aug 28, 2002 11:51 am
by nielsene
It sounds like you just want to use post instead of get. That will stop bookmarking,etc. It also keeps the url "pretty" and unmangled.

One of your followup posts was confusing about why post wasn't good for you, can you clarify?

The only things you should need to change are
<form method="GET" to "POST" and any HTTP_GET_VARS to HTTP_POST_VARS (_GET to _POST, if using the superglobals)

Posted: Wed Aug 28, 2002 12:12 pm
by 9902468
So what's the problem? If u want that a user is able to bookmark use GET and if you don't want use POST && session variables. (Like many have suggested) Also if you check that variables are coming from $_POST users won't be able to just guess the param names in url. Are we missing something now, or is it you? Or do you have problem in logic: do some variables have different maning after a certain flag is set or something like that?

-9902468