Page for each user created in the database


My question, quickly explained: I have a database with 20 registered users. Each user’s page layout is already defined. Each user can change only their name, place their photo in an already defined field and tell a little about themselves. Once he logs in, how do I send him to his page? Example: "Pv.com.br/nomedousuario". Thanks.

  • If someone types pv.com.br/nomedousuario in the address bar, will they have access to the page?

  • My problem is that I already have a default profile page called profile.php; putting it in the format of each user is what is difficult for me. Would I call something like "Pv.com.br/profile.php"? If picked up by the id, would it be profile1.php?

  • I mean the following: the user fulano logs in and is directed to pv.com.br/fulano.php. My question is: if another user accesses the page through the link pv.com.br/fulano.php, will he have access to this page?

  • This question made me build a login page that redirects to the user page and works like this: if the login is correct, he accesses his page. If he copies the address of this page and opens it in a new tab or new window, the page will not be accessible, neither to him nor to anyone else, only by logging in again. See how it works ( login: leo password: 123 ) http://kithomepage.com/sos/login_key.php

  • @Leocaracciolo the problem is that the guy can’t even refresh the page because of the one-time key. Anyway, you can use this idea and update the key on all links when using it in practice; then the guy is required to keep only 1 tab (and if he opens the link in a new tab, the old one no longer navigates). Another way to do this is to use a mix of JS and window.name, something that the link does not propagate to another tab.

  • @Bacco, each user only has one page!.

  • I had already understood, I just added how to use this idea to have more than one, and still keep it in the same tab. For only one you wouldn’t even need the key; it would be enough to note in the $_SESSION that he has already accessed it and not let him in again. (because with yours, if you press F5 it goes back to the login in the same way)

  • @Bacco, hahaha, I had forgotten the Sessions. But somehow a new idea emerged: you can use this idea and update the key on all links when using it in practice ....

  • It is the concept of nonce (number Once), to each transaction you update a token, to avoid duplication of credentials. This is used in many systems (in Telegram chat, in Let’s Encrypt certificates, I even use in my remote software update system)

  • Practical effect: it may be that someone copies 100% of the hard drive of a client of mine, writes down the serial of the machine, etc.; in the first update, one of the machines will have the wrong nonce. From there, I know that one of the two is not the original (because on an update the nonce changes, so the second machine will reproduce the old number) - but this is not even to prevent piracy, but to prevent 2 machines from updating a remote DB, for example, with the wrong ID. A legit copy can happen at a client, with no piracy intent, if an unsuspecting technician makes it, and I have to know in order to ensure consistency.

  • In PHP you can do a similar thing by renewing the Session ID. If you take the cookie and copy it to another browser, the first one that accesses a link keeps the Session, and the second one has already lost it. And you can use a token in the URL as you did, but then we return to the beginning of the conversation: only one tab will survive. As our friend here would say, there can be only one! -> http://midia.gruposinos.com.br/_midias/png/2016/07/18/Highlander-1601069.png

  • only one https://lidiapereira.files.wordpress.com/2011/06/10.jpg


1 answer



Basically this:

    // ... login logic ...

    header('Location: /'.$nomedousuario);
    die();

  • Sanitize the data to make sure that $nomedousuario has no special characters. If it has, you will need to use something like this:

    header('Location: /'.urlencode($nomedousuario));
    die();
    
  • Always use die(); after a redirect of this type, to ensure that nothing else on the page is processed and sent to the client. I have seen systems that served improper things for lack of this die() (the developer did not realize that he was sending confidential data, precisely because the redirect was taking place; it was enough to turn off the browser’s redirect support to see the page)

  • The specification of the header Location: asked for the full URL, including protocol and domain name. Then there was an RFC "loosening" the requirement, but whenever possible, pass the full path (PHP has variables for this, in $_SERVER).
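
The redirect described in the answer, together with the ownership check the comments ask about, as an added example that is not part of the original answer. `BASE_URL`, the user name allow-list and the function names `profileUrl`, `redirectAfterLogin` and `canEdit` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the canonical origin is configured by the site instead of
// being read from the client-supplied Host header ($_SERVER['HTTP_HOST']).
const BASE_URL = 'https://pv.com.br';

/** Build the absolute profile URL, or null if the name is not acceptable. */
function profileUrl(string $nomedousuario): ?string
{
    // Allow-list (assumed policy): letters, digits, "_" and "-", 3 to 30 chars.
    if (preg_match('/\A[A-Za-z0-9_-]{3,30}\z/', $nomedousuario) !== 1) {
        return null;
    }
    // rawurlencode() is the encoder for a path segment; kept as a second layer.
    return BASE_URL . '/' . rawurlencode($nomedousuario);
}

/** Call only after the password has been verified (hypothetical helper). */
function redirectAfterLogin(string $nomedousuario): void
{
    $url = profileUrl($nomedousuario);
    if ($url === null) {
        http_response_code(400);
        exit('Invalid user name');
    }
    session_start();
    session_regenerate_id(true);          // renew the session ID at login
    $_SESSION['user'] = $nomedousuario;   // who is logged in, kept server-side
    header('Location: ' . $url, true, 303);
    exit;                                 // nothing after the redirect is sent
}

/** On the profile page: anyone may view, only the owner may edit. */
function canEdit(array $session, string $profileOwner): bool
{
    return ($session['user'] ?? null) === $profileOwner;
}

// Constructed sample inputs, shown when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    foreach (['fulano', 'leo', 'a/b', 'joão silva', "x\ny"] as $name) {
        printf("%-14s => %s\n", json_encode($name), profileUrl($name) ?? 'rejected');
    }
    var_dump(canEdit(['user' => 'fulano'], 'fulano'), canEdit([], 'fulano'));
}
```

With this split, copying the address pv.com.br/fulano into another browser shows the page but `canEdit` returns false there, because the edit right comes from the session and not from the URL.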
