Variables by links

Question

Variables by links

Asked 6 years, 11 months ago

Viewed 56 times

0

It is possible to prevent users from accessing a "register.php? msg=error" page per link?

That is, basically there is the "register.php" link that serves for users to register and the email entered was already user, by clicking the register button, the user will be directed to the link "register.php? msg=error" which is the same as "register.php" but with a div indicating the error. Is there a way not to let "register.php? msg=error" by link? and just by clicking the button?

Code:

register.php

<div class="banner-bot" >
<div class="container">
    <h2>Registar</h2>
    <p>Preenche os dados para criar a tua conta. Quando te registares irá ser enviado um email para confirmares a conta. </p>
    <br>
    <?php
        if(isset($_GET["msg"]) && $_GET["msg"] == "erro") {
    ?>
    <div class="alert alert-danger">
        <strong>Erro!</strong> Já existe uma conta associada ao email introduzido. Tente novamente com um email diferente.
    </div>
    <?php
    }
    ?>
<br>
</div>
<form name="registarUtilizador" action="Inserir/InserirUtilizador.php" onsubmit="return validarRegisto()" method="POST">
    <div class="register-box">
        <div class="text">
            <input type="text" placeholder="Nome Completo" required=""  name="nomeCompleto" id="nomeCompleto"  maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Email" required="" name="email" id="email" maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Confirme o seu Email" required="" name="emailConfirmar" id="emailConfirmar" maxlength="99"/>
            <br>
            <br>
            <input type="password" placeholder="Password" required="" name="pass" id="" maxlength="20"/>
            <br>
            <br>
            <input type="password" placeholder="Confirme a sua Password" required="" name="passConfirmar" id="passConfirmar" maxlength="20"/>
            <br>
            <br>
            <center><div class="g-recaptcha" data-sitekey="key"></div></center>
            <br>
            <br>
        </div>
        <div class="text-but">
            <input type="submit" name="submit" value="Confirmar"/>
        </div>  
    </div>
</form>

Código Inserirutilizador:

<?php require '../functions.php'; ?>
<body>
<?php

$nomeCompleto = $_POST["nomeCompleto"];
$email = $_POST["email"];
$pass = $_POST["pass"];

$options = [
    'cost' => 12,
];
$pass = password_hash($pass, PASSWORD_BCRYPT, $options);

// Create connection
$conn = db_connect(); 

$sql = "INSERT INTO utilizadores (nomeCompleto, email, pass) 
VALUES ('$nomeCompleto', '$email', '$pass')";

if ($conn->query($sql) === TRUE) {
    header("Location: ../index.php?msg=sucesso");
} else {
    header("Location: ../registar.php?msg=erro");
}
$conn->close();
?>

you can post the code on this register.php page

– user60252

2017/10/12 at 21:56
Welcome Nelson Silva, you’ll get better answers if you give people code they can use to reproduce the problem. Read this post https://answall.com/help/mcve

– user60252

2017/10/12 at 23:04
I’m sorry, I’ve entered the file code

– Nelson Silva

2017/10/13 at 00:12
But is there a link on registar.php that to registar.php?msg=erro ? Or the idea is to "stop" the person writing this directly into the browser url?

– Isac

2017/10/13 at 00:15
Yes, that was the idea. Try to prevent the person from typing "register.php? msg=error" in the url. And only allow in case the person clicks the button to register.

– Nelson Silva

2017/10/13 at 00:28
If any answer solved your problem mark it as accepted, check as and why in https://pt.meta.stackoverflow.com/questions/1078/como-e-por-que-aceitar-uma-resposta/1079#1079

– user60252

2017/10/31 at 11:20

Show 1 more comment

2 answers

Browser other questions tagged php html ajax

You are not signed in. Login or sign up in order to post.

by Sam • **79,597** points · Answer 1 · 2017-10-13T00:54:54+00:00

You can use the function strrpos() to see if the string msg=erro is present in the URL ($_SERVER[REQUEST_URI]) and check if the requisition came directed from somewhere ($_SERVER[HTTP_REFERER]).

If the first condition is true and the second is empty, "it can be" that the URL was typed directly into the browser:

<?php 
if(strrpos($_SERVER[REQUEST_URI],"msg=erro") && $_SERVER[HTTP_REFERER] == ""){
    exit; // para o carregamento da página. OQ VC PRETENDE FAZER AQUI?
}
?>

by user60252 · Answer 2 · 2017-10-13T23:25:36+00:00

I made an example with Mysqli and without the function password_hash but vc can adapt to PDO and use the function password_hash.

register.php

This first part in PHP will only be executed if there is redirection from InserirUtilizador.php in other words, if the email on the table utilizadores, time by which the redirector parameter is entered in the URL key which is also inserted in the table acesskey in the column uniqueid.

This PHP aims to display the <div class="alert alert-danger"> if it is accessed only and exclusively through the page InserirUtilizador.php in case the registered email already exists, therefore the <div class="alert alert-danger"> will not be shown in any other hypothesis.

<?php
if ($_GET['key']){
  $key= $_GET['key'];
  $conn = new mysqli("localhost","NOME_USUARIO","SENHA", "NOME_DB");

     $select = "select * from acesskey where uniqueid = '$key'";

     $result = $conn->query($select);

    if(mysqli_num_rows($result)>0){

       $mostrarDiv="sim";
       $sql = ("DELETE FROM acesskey Where uniqueid='".$key."'");
       $delete = mysqli_query($conn,$sql);

    }
 mysqli_close($conn);
}   
?>

<div class="banner-bot" >
<div class="container">
    <h2>Registar</h2>
    <p>Preenche os dados para criar a tua conta. Quando te registares irá ser enviado um email para confirmares a conta. </p>
    <br>
    <?php
        if($mostrarDiv=="sim") {
    ?>
    <div class="alert alert-danger">
        <strong>Erro!</strong> Já existe uma conta associada ao email introduzido. Tente novamente com um email diferente.
    </div>
    <?php
    }
    ?>
<br>
</div>
<form name="registarUtilizador" action="Inserir/InserirUtilizador.php" method="POST">
    <div class="register-box">
        <div class="text">
            <input type="text" placeholder="Nome Completo" required=""  name="nomeCompleto" id="nomeCompleto"  maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Email" required="" name="email" id="email" maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Confirme o seu Email" required="" name="emailConfirmar" id="emailConfirmar" maxlength="99"/>
            <br>
            <br>
            <input type="password" placeholder="Password" required="" name="pass" id="" maxlength="20"/>
            <br>
            <br>
            <input type="password" placeholder="Confirme a sua Password" required="" name="passConfirmar" id="passConfirmar" maxlength="20"/>
            <br>
            <br>
            <center><div class="g-recaptcha" data-sitekey="key"></div></center>
            <br>
            <br>
        </div>
        <div class="text-but">
            <input type="submit" name="submit" value="Confirmar"/>
        </div>  
    </div>
</form>

Código Inserirutilizador

$conn = new mysqli("localhost","NOME_USUARIO","SENHA", "NOME_DB");

$nomeCompleto = $_POST["nomeCompleto"];
$email = $_POST["email"];
$pass = $_POST["pass"];

$result = $conn->query("SELECT COUNT(*) FROM utilizadores WHERE email = '$email'");

$row = $result->fetch_row();


if ($row[0] > 0) {

    $key = uniqid(md5(rand()));
    $conn->query("Insert into acesskey (uniqueid) values ('".$key."')");
    header("Location: ../registar.php?key=$key");

} else {

    $conn->query("INSERT INTO utilizadores (nomeCompleto, email, pass) VALUES ('$nomeCompleto', '$email', '$pass')");
    header("Location: ../index.php?msg=sucesso");

}

mysqli_close($conn);