Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
Is it possible to remove the parameters from a url after they have been used by using either php, JQuery or Javascript?
I would like to do this because I have jquery functions that are triggered by results of $_GET and at the moment if the user refreshes the page the functions are called again.
So that you can understand why I am doing is...
My site will only allow one person at a time to log in with each account and to prevent multiple simultaneous there is a db value changed when the account is being used. Problem is I can't count on the user to log out without just closing the browser which means the value doesn't get changed and they can't get back in. To get round this I have given the user the ability to close the other open session when they try to log in from another device. At this point, when either the session on the other device has timed out or the other user clicks on a link, they are redirected to the home page with a message explaining why they have been logged out and the name of the person that did it.
The params in the redirect url triggers the message and has the name.
I have found lots of ways of removing params before the url is used but nothing about after which makes me ask the question is this possible?
As I said before, you COULD go to the trouble of turning on url rewriting and create a .htaccess file that checks for the GET parameters and deletes them from the URL.
However, it may be better and easier to choose another option.
Such as setting $_SESSION variables prior to redirecting to the home page (with no GET parameters. Then you can just check for these session variables that indicate that the user is has been forcefully logged out and contain the message.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 months ago.
Improve this question
I'm fairly new to coding, and when I try to find a way to lock my website behind a username and password field, every tutorial just hides them as a plain variable in some random file. I'm wanting to make the website only accessible once a username and password have been entered, but I want the usernames and passwords to be made and managed by myself, so only people I know can access it. If this is a really obvious thing I apologise, but if it's something that I can specifically look up please let me know so I can do more independent research.
There's no good way to do this on the frontend alone.
every tutorial just hides them as a plain variable in some random file.
Sounds like some pretty shoddy tutorials. Anyone could look at the source code of the site and get in.
The right thing to do would be to:
Hash the passwords (one-way encryption so that the original password text cannot be recovered, even if someone gains access to the hash)
Save the passwords in a database or (if there aren't many) in environment variables on your server
Set up routing on the server so that if the user isn't authenticated, none of the protected content gets sent to them in the first place - redirect them to the login page. (Don't serve the HTML of a protected page and then try to do validation from that page; with that approach, users would still be able to open up the developer tools and bypass your restrictions, by inserting their own code and removing your own).
Anything on the client-side can be tampered with and bypassed; gate requests behind the server instead, which is (or, has the potential to be) much more secure.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
So my company wants to do a small experiment and generate an email that'll be sent to about 50 workers. The email will include a link to a website (stored on our local server) and I need to be able to determine exactly who clicked the link (I have a list of all email addresses) and add the email address of the "victim" to another list. I think there's a way to do that with Node.js and Express but I'm not sure exactly how to track those clicks. Any ideas?
I'm aware that a script like that should come before the user enters the actual website and I can deal with most HTML, CSS and JS programming myself.
Thanks a bunch!
...and I need to be able to determine exactly who clicked the link...
It depends.
If you have some form of single-sign-on implemented across your intranet, then you can at least know what user account was signed in when they followed the link (which doesn't guarantee you what user it was, but people really shouldn't leave their workstations unattended and unlocked), assuming your Node.js application gets that information.
Otherwise: You can't, reliably. What you can do is make the link slightly different for each recipient (perhaps a code at the end in the query string), keeping track of which code you sent to which recipient, and then when they follow the link look at the code in the link they followed.
It's unreliable for at least a couple of reasons:
A user could remove the code
A user could share their link with other users, who then use it
Similarly, trying to use the user's IP address or MAC address only tells you...what the IP address or MAC address of the connection was, not who the user was.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am using express,react and mysql. I want to create like/dislike system for the comments. I googled it and most people recommended to disable the button after single click. But I don't want that. Even the user refreshes the tab or access his profile from another device. When he sees that comment again, he should see that he already liked that comment and he should not be able to like it again. I am thinking of storing all the likes and dislikes in the mysql database for each user. Does it decreases the number of queries to database and affect the performance? What is the proper solution?
If you want to show the users who liked/disliked a post (or a comment), you will have to insert a new row along with the user-id for each like/dislike. And regarding the multiple-likes problem, you will have to check whether or not there is a row with the same user-id and comment-ids as the ones you are getting from the post request, if so, just ignore the request and tell the user something like "cannot like more than once", otherwise insert a new row.
Another thing to consider is, what do you plan to do in cases where a user likes a comment and immediately unlikes it ? If you are sending real-time notifications, then the target will get a false notification (that is, if you don't tackle this problem). That was something I hadn't considered and there simply was no way (but i am sure there is a trick).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I can't explain what I want to do in the correct terminology but I'll give an example.
A website has on most pages a 'quick contact' form in a sidebar. Once the form is submitted on any given page that contains it, it fades and a confirmation message appears. How can I allow the website to identify that the form has already been submitted and then just display the confirmation message on all areas which would have contained it (throughout the whole site). Ideally, this would only occur for a limited period of set time (such as after 1 day or close of browser it resets and the form is present when that specific user access' the website again.
Honestly, I have no idea where to even start with this, but an important thing to note is that the form submission is just a 'dummy submission' and is not actually sending any data to the server (I know this is wrong but this task has the specific requirement of predominately client side access).
Edit: A cookie was what I was after.
You have several options to store flags in the client-side, like cookies and local storage to name a few. If this functionality is bound to a user account, you can also set a flag in the DB table or column that's related to that user.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I have a contest site, I want it to prevent people going on it when they have submitted the form on the page. Is this possibe?
Thanks
You could build system where users are required to enter their email address, and enter a verification code which is sent to them. But they would only be able to enter this verification code once. Therefore, the only way of cheating would be to use two separate email addresses (and they would have to have access to both).
Cookies would not be the best option for this as anyone could clear their cookies.
It's not necessarily possible to stop users requesting a page, however you can either redirect them to another page or show some kind of error message to them, to tell them that they can't resubmit.
Presuming you have some kind of user registration in place already (and are tying competition entries to those users with an ID) then all you would have to do is check for the existence of a competition entry in the database and then, if one is found, either force a redirect (likely in <script> tags) or replace the rendering of the page with the notice that you can't resubmit.