Link Variables

0

Is it possible to prevent users from accessing a page such as "registar.php?msg=erro" by link?

In other words, there is the page "registar.php", which users use to register. If the email entered already belongs to a user, then on clicking the register button the user is directed to "registar.php?msg=erro", which is the same as "registar.php" but with a div indicating the error. Is there a way to not allow access to "registar.php?msg=erro" by link, and only by clicking the button?

Code:

registar.php

<div class="banner-bot" >
<div class="container">
    <h2>Registar</h2>
    <p>Preenche os dados para criar a tua conta. Quando te registares irá ser enviado um email para confirmares a conta. </p>
    <br>
    <?php
        if(isset($_GET["msg"]) && $_GET["msg"] == "erro") {
    ?>
    <div class="alert alert-danger">
        <strong>Erro!</strong> Já existe uma conta associada ao email introduzido. Tente novamente com um email diferente.
    </div>
    <?php
    }
    ?>
<br>
</div>
<form name="registarUtilizador" action="Inserir/InserirUtilizador.php" onsubmit="return validarRegisto()" method="POST">
    <div class="register-box">
        <div class="text">
            <input type="text" placeholder="Nome Completo" required=""  name="nomeCompleto" id="nomeCompleto"  maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Email" required="" name="email" id="email" maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Confirme o seu Email" required="" name="emailConfirmar" id="emailConfirmar" maxlength="99"/>
            <br>
            <br>
            <input type="password" placeholder="Password" required="" name="pass" id="" maxlength="20"/>
            <br>
            <br>
            <input type="password" placeholder="Confirme a sua Password" required="" name="passConfirmar" id="passConfirmar" maxlength="20"/>
            <br>
            <br>
            <center><div class="g-recaptcha" data-sitekey="key"></div></center>
            <br>
            <br>
        </div>
        <div class="text-but">
            <input type="submit" name="submit" value="Confirmar"/>
        </div>  
    </div>
</form>

User Input Code:

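<?php
require '../functions.php';

// Nothing (not even <body>) may be output before header(), or the redirect fails.
$nomeCompleto = $_POST["nomeCompleto"];
$email = $_POST["email"];
$pass = $_POST["pass"];

$options = [
    'cost' => 12,
];
$pass = password_hash($pass, PASSWORD_BCRYPT, $options);

// Create connection (db_connect() comes from functions.php; assumed to return a mysqli object)
$conn = db_connect();

try {
    // Prepared statement: user input is bound as parameters, never concatenated into the SQL
    $stmt = $conn->prepare("INSERT INTO utilizadores (nomeCompleto, email, pass) VALUES (?, ?, ?)");
    $ok = $stmt && $stmt->bind_param("sss", $nomeCompleto, $email, $pass) && $stmt->execute();
} catch (mysqli_sql_exception $e) {
    // mysqli throws by default since PHP 8.1 instead of returning false
    $ok = false;
}

if ($ok) {
    $location = "../index.php?msg=sucesso";
} else {
    $location = "../registar.php?msg=erro";
}
$conn->close();
header("Location: " . $location);
exit; // stop here so nothing else runs after the redirect
?>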
    
asked by anonymous 12.10.2017 / 23:04

2 answers

0

You can use the strrpos() function to see if the msg=erro string is present in the URL ( $_SERVER['REQUEST_URI'] ) and check whether the request came from somewhere ( $_SERVER['HTTP_REFERER'] ).

If the first condition is true and the second one is empty, "it may be" that the URL was typed directly into the browser:

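<?php
// strrpos() returns false when the string is absent, so compare with !== false;
// empty() also covers the case where no Referer header was sent at all.
if (strrpos($_SERVER['REQUEST_URI'], "msg=erro") !== false && empty($_SERVER['HTTP_REFERER'])) {
    exit; // stops the page from loading. WHAT DO YOU INTEND TO DO HERE?
}
?>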
    
13.10.2017 / 02:54
0

I made an example with MySQLi and without the password_hash function, but you can adapt to PDO and use the password_hash function.

registar.php

This first part of the PHP is executed only if there was a redirect from InserirUtilizador.php to here, that is, if the email already exists in the utilizadores table; at that moment the key parameter is added to the redirect URL, and the same value is inserted into the uniqueid column of the acesskey table.

This PHP is intended to display <div class="alert alert-danger"> only when the page is reached through InserirUtilizador.php because the email is already registered; <div class="alert alert-danger"> will not be shown in any other case.

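<?php
$mostrarDiv = ""; // default, so the check further down never reads an undefined variable
if (!empty($_GET['key'])) {
    $key = $_GET['key'];
    $conn = new mysqli("localhost", "NOME_USUARIO", "SENHA", "NOME_DB");

    // Bound parameter keeps $key out of the SQL text (concatenating it would be injectable)
    $stmt = $conn->prepare("SELECT uniqueid FROM acesskey WHERE uniqueid = ?");
    $stmt->bind_param("s", $key);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows > 0) {

        $mostrarDiv = "sim";
        // The key is single-use: remove it once it has been seen
        $delete = $conn->prepare("DELETE FROM acesskey WHERE uniqueid = ?");
        $delete->bind_param("s", $key);
        $delete->execute();
        $delete->close();

    }
    $stmt->close();
    mysqli_close($conn);
}
?>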

<div class="banner-bot" >
<div class="container">
    <h2>Registar</h2>
    <p>Preenche os dados para criar a tua conta. Quando te registares irá ser enviado um email para confirmares a conta. </p>
    <br>
    <?php
        if($mostrarDiv=="sim") {
    ?>
    <div class="alert alert-danger">
        <strong>Erro!</strong> Já existe uma conta associada ao email introduzido. Tente novamente com um email diferente.
    </div>
    <?php
    }
    ?>
<br>
</div>
<form name="registarUtilizador" action="Inserir/InserirUtilizador.php" method="POST">
    <div class="register-box">
        <div class="text">
            <input type="text" placeholder="Nome Completo" required=""  name="nomeCompleto" id="nomeCompleto"  maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Email" required="" name="email" id="email" maxlength="99"/>
            <br>
            <br>
            <input type="text" placeholder="Confirme o seu Email" required="" name="emailConfirmar" id="emailConfirmar" maxlength="99"/>
            <br>
            <br>
            <input type="password" placeholder="Password" required="" name="pass" id="" maxlength="20"/>
            <br>
            <br>
            <input type="password" placeholder="Confirme a sua Password" required="" name="passConfirmar" id="passConfirmar" maxlength="20"/>
            <br>
            <br>
            <center><div class="g-recaptcha" data-sitekey="key"></div></center>
            <br>
            <br>
        </div>
        <div class="text-but">
            <input type="submit" name="submit" value="Confirmar"/>
        </div>  
    </div>
</form>

User Input Code

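<?php
$conn = new mysqli("localhost","NOME_USUARIO","SENHA", "NOME_DB");

$nomeCompleto = $_POST["nomeCompleto"];
$email = $_POST["email"];
$pass = $_POST["pass"]; // this example omits password_hash(), as noted above; hash before storing

// Bound parameters instead of string concatenation, so the input cannot alter the SQL
$stmt = $conn->prepare("SELECT COUNT(*) FROM utilizadores WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($total);
$stmt->fetch();
$stmt->close();

if ($total > 0) {

    // Unpredictable one-time key from the CSPRNG (uniqid()/md5(rand()) values are guessable)
    $key = bin2hex(random_bytes(16));
    $insert = $conn->prepare("INSERT INTO acesskey (uniqueid) VALUES (?)");
    $insert->bind_param("s", $key);
    $insert->execute();
    $location = "../registar.php?key=$key";

} else {

    $insert = $conn->prepare("INSERT INTO utilizadores (nomeCompleto, email, pass) VALUES (?, ?, ?)");
    $insert->bind_param("sss", $nomeCompleto, $email, $pass);
    $insert->execute();
    $location = "../index.php?msg=sucesso";

}

$insert->close();
mysqli_close($conn);
header("Location: $location");
exit; // stop here so nothing else runs after the redirect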
    
14.10.2017 / 01:25
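
An alternative to the Referer check and the URL key above, as an added example that is not part of either answer: a one-time flag kept in the session, which a visitor cannot set by editing the URL. flash_set() and flash_take() are hypothetical helper names, and a plain array stands in for $_SESSION so the file runs from the command line.

```php
<?php
// Added example: one-time "flash" flag stored server-side instead of in the URL.
// flash_set()/flash_take() are hypothetical helpers, not part of the page's code.

// Called by InserirUtilizador.php right before redirecting back to registar.php.
function flash_set(array &$session, string $name): void
{
    $session['flash'][$name] = true;
}

// Called by registar.php: returns true once, then forgets the flag, so a reload
// or a direct visit to the URL no longer shows the error div.
function flash_take(array &$session, string $name): bool
{
    $present = !empty($session['flash'][$name]);
    unset($session['flash'][$name]);
    return $present;
}

// --- In Inserir/InserirUtilizador.php, after session_start() ---
//   if ($emailAlreadyRegistered) {              // hypothetical variable
//       flash_set($_SESSION, 'email_existe');
//       header("Location: ../registar.php");    // no msg= or key= parameter
//       exit;
//   }
//
// --- In registar.php, after session_start() and before any HTML ---
//   $mostrarDiv = flash_take($_SESSION, 'email_existe') ? "sim" : "";

// Constructed demonstration: $session plays the role of $_SESSION.
$session = [];
var_dump(flash_take($session, 'email_existe')); // direct visit, flag never set
flash_set($session, 'email_existe');            // handler found a duplicate email
var_dump(flash_take($session, 'email_existe')); // visit right after the redirect
var_dump(flash_take($session, 'email_existe')); // reload of the same page
```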