i want to share something with a specific group of people.
the way i want to do it is: before the page is loaded , i prompt a question to the viewer , if the answer is right , then the page is loaded, if the answer is wrong , the user is turn to the warning page.(i want to avoid the registration process, a specific question is ok)
but there is a problem with this : every time the page is reloaded , the user have to type the answer again?
is there anyway that i can avoid this ?
(I assume you don't know how sessions work because you look new to StackOverflow) No, PHP (or other modern server technologies like ASP) have a session system that allows multiple users be online at same time. The server stores session variables in files, one per user. See http://ca2.php.net/manual/en/intro.session.php
You might also be interested in using Apache's .htaccess files to control access: http://httpd.apache.org/docs/2.0/howto/auth.html
(for questions about using .htaccess, check ServerFault)
First, I wouldn't recommend your approach for anything more than a trivial scenario. That being said, you would want to write a page that serves as your security page. On postback, validate the answer, set a session variable, and redirect to the protected page. The protected page should do a check during its load on that same session variable and redirect to the security page if the user has not answered the security question.
Related
I am trying to pass a value using a link.
For example, if I want to add an email and password for a user to Sign In straight away in the RainLoop webmail.
I am trying using
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"
or
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"#ID
Is this possible to do?
It is possible but you will have to rewrite the rainloop PHP files by yourself. Also parsing passwords via the GET method is a very bad idea. Get commands will stay in your history so everyone who types in
demo.rainloop.net will see the ?RainLoopPassword="12345" also. It's not recommended, but possible. Another safer solution will be using the POST method. I suspect you will use this for you bookmarks or something? You can make an AJAX page which sends a POST request with the username and password to demo.rainloop.net. This way nobody will see your passwords and the effect is the same.
EDIT: For using an AJAX page you have to own a webserver, or register on a free hosting like http://freehostingnoads.net
I just came across a website pagesource and saw this in the header:
<link href="../css/style.css?V1" rel="stylesheet" type="text/css" />
Could we actually pass GET data to css? I tried searching but found no results apart from using PHP. Could anyone help make meaning of the ?V1 after the .css
I know this forum is for asking programming problems, however I decided to ask this since I have found no results in my searches
First of all, no you can't pass GET parameters to CSS. Sorry. That would have been great though.
As for the example url. It can either be a CSS page generated by any web server (doesn't have to be PHP). In this case the server can serve different pages or versions of the same page which might explain the meaning of V1, Version 1. The server can also dynamically generate the page with a server-side template. This is an example from the Jade documentaion:
http://cssdeck.com/labs/learning-the-jade-templating-engine-syntax
It can also just be used as cache buster, for versioning purposes. Whenever you enter a url the browser will try to fetch it only if it doesn't already have a cached copy which is specific to that URL. If you have made a change in your content (in this instance the css file) and you want the browser to use it and not the cached version you can change the url and trick the browser to think it's a new resource that is not cached, so it'll fetch the new content from the server. V1 can then have a symantic meaning to the developer serving as a note (ie I've changed this file once...twice..etc) but not actually do anything but break the cache. This question addresses cache busting.
There are different concepts.
At first, it only is a link - it has a name, it might have an extension, but this is just a convention for humans, and nothing more than a resource identifier for the server. Once the browser requests it, it becomes a server request for a resource. The server then decides how to handle this request. It might be a simple file it just has to return, it might be a server side script, which has to be executed by a server side scripting interpreter, or basically anything else you can imagine.
Again, do not trick yourself in thinking "this is a CSS file", just because it has a css extension, or is called style.
Whatever runs at the server, and actually answers the request, will return something. And this something then is given a meaning. It might be CSS, it might be HTML, it might be JavaScript, or an image or just a binary download. To help the browser to understand what it is, the server returns a Content-Type header.
If no content type is given, the browser has to guess what it is. Or the nice web author gave a hint on what to expect as response - in this case he gave the hint of text/css. Again, this is how the returned content should be interpreted by the client/browser, not how that content is supposed to created on the server side.
And about the ?V1? This could mean different things. Maybe the user can configure a style (theme) for the website and this method is used to dispatch different styles. Or it can be used for something called "cache busting" (look it up).
You can pass whatever you want; the server decides what to do with the data.
After all, PHP isn't your only option for creating a server. If i wrote a server in Node.js, set up a route for /css/style.css and made it return different things depending on what query was given, neither the server nor browser will bat an eyelid.
I wan't developers who embed my webapp to be able to pass a param in the url like ?style=dark which will alter the css accordingly. Is there a better way to keep this setting as the user navigates than appending ?style=dark to all links?
I've considered cookies etc. but if one user is viewing two pages which embed my app with different themes then one will override the other.
I'm using Python/Django.
If you neither want to use Cookies nor Sessions and do not want to embed it into URLs, the only alternatives which comes to my mind are:
First the most generic: Use a dummy domain in front. Instead of www.example.com use h**p://THEME.example.com/PATH. This even works for HTTPS if you own a wildcard SSL for *.example.com.
A second variant would be to create a Basic-Auth-Handler which uses the Theme as the username with a dummy password. The URL then can look like:
h**p://THEME#www.example.com/PATH
However I am NOT sure what happens if a user connects to the same site with two different themes in the Basic-Auth-case. Also it is somewhat tricky to make the site available for search engines if it is behind an authentication handler. This is because you MUST have an auth-handler today to circumvent the Anti-Phishing-protection in modern browsers.
Note that with both methods you can only have one parameter easily. The password does not count and there are browsers out there which do not accept a wildcard SSL cert *.example.com for PARAM1.PARAM2.example.com.
I'm not exactly sure, but anyway you would have to pass this variable to your site. With that I mean, that there is no difference if you add ?style=dark to your href's, or rel="dark" to your <a>'s for use with javascript. keep in mind that it's just an example
Ofcourse you can always work on that AI to predict what the user wanted at the specific moment. hehe
I'm sure you can use a Session for this kind of thing, not? The first time the values are provided via the Querystring you add them to the Session and then retrieve them from the session in the future.
I usually don't use Smarty but am in the process of editing a prebuilt app, that uses Smarty for templating. It's super easy to check for the login status, but I have searched the Smarty site, docs and the app vendors docs and cannot find a tag of function to check for the initial user login. We need to pass a message to the user at their first login only.. and instead of writing it out I am hoping there is a tag we can use within Smarty, since it's already being used.
Thanks!
You can not do this by Smarty.
To differ the initial login from a later one, you have to store this information somewere. One aproach would be to use PHP and store it in the user database table (table "user", field "first_login").
The other one would be to store it in a cookie on the client side. But I wount suggest it, for you can not rely on it, as the user can turn of cookies.
So you need to find out, weather your application already stores this information in the user db table. Which it does most likely not. Therefore you need to define the db field and set it after login (using PHP). Afterwards you can user $smarty->assign() in your PHP code to publish your message to smarty in case of first login.
Not sure if I really am on the right forum, but if not, just tell me. I have a page that is coded in ASP (not .net) which is used to send email. We are currently having a problem in which the page seem to be sent twice sometime. Upon checking, we found out that those who have this problem are coming from big organisation, so it was suggested that their server might cache the file for some reason.
I would like to know, is there a way in HTML (or ASP ) to prevent that from happening ? Or is it in IIS that we must set this up ?
EDIT : I forgot to mention is that sometime, the time between the two mails can be in hours, not mere seconds
Thanks,
I don't see any cache problem here.
The only solution i see is to store somewhere server side(db, file system) the list of emails sent and check the list before send them.
With this approach, you will be sure to send just one mail to the specified address avoiding double submit or other possible problem.
I do not see how this could have anything to do with caching. After all, a cached page contains the generated html, and thus it would not trigger another execution of the code that sends the email.
However, my best guess is that it has to do with users that refresh the page. To avoid this, you could implement the post/redirect pattern, where after sending the mail you redirect to another page (or the same page but with different form parameters). This way the user can refresh the page as many times as he/she wants without triggering another email being sent.
If your problem is caching, there's really nothing you can do to keep an organization from caching it.
You can try to add this code to see if it makes a difference:
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
If this doesn't work, you may need to contact that organization's IT department and ask them to add a caching exception for your page/site.