-1

How could I remove a GET variable from the URL after it's called?

Calling with

<a href="?reward">

After it's called

if (isset($_GET['reward'])){

$username = $_SESSION['username'];
$points = $_SESSION['points'];

if ($points >=500) {
  echo " test value is more than 500";
} // close the second if
else {
  echo '<script type="text/javascript">';
  echo 'setTimeout(function () { swal({type: "error",title: "Oops...",text: "You do not have enough points!",buttonsStyling: false,heightAuto: false});';
  echo '}, 1000);</script>';
}   
} // close the first if

And in my URL, as you understand, I see somelink.php?reward

Why would I want to remove it? Well, since people can refresh the page, they could abuse something. What are the ways?

OkayDaddy
  • 9
  • 2
  • 2
    If one can "earn" such a reward by simply making an HTTP request, then you have other issues in your logic than just "removing the GET variable"... – arkascha Sep 22 '18 at 15:27
  • If there is a way to abuse it then your concept is not as good as it must be. Fix the concept. – BlackNetworkBit Sep 22 '18 at 15:28
  • They are not earning rewards here, they are "claiming". No, they can't abuse the points "value" since it's refreshed on every page load. The code isn't finished yet, just thinking about what could happen. – OkayDaddy Sep 22 '18 at 15:32
  • I always handle the post request and then refresh using the header() command to a page which they can refresh (a success page, or to the same page without the get info). – Rolfie Sep 22 '18 at 15:37
  • I was thinking the same but well.. I can't use header since it's used in other places in the same page, it gives me some sort of error that header is already used. – OkayDaddy Sep 22 '18 at 16:02
  • 1
    Possible duplicate of [How to make a redirect in PHP?](https://stackoverflow.com/questions/768431/how-to-make-a-redirect-in-php) – hostingutilities.com Sep 22 '18 at 18:47
  • @Mr.Me They are totally different. – OkayDaddy Sep 22 '18 at 18:49

3 Answers

0

Using a redirect is one option you can try:

<?php

session_start();

$_SESSION['username'] = 'User'; //test 
$_SESSION['points'] = 300; //test

if (isset($_GET['reward'])){
   $_SESSION['reward_hit'] = true;
   header('Location: /temp/test.php'); //redirect to same url
   exit; // stop here so nothing else runs or is sent after the redirect

} elseif (isset($_SESSION['reward_hit'])) {

    unset($_SESSION['reward_hit']);
    $username = $_SESSION['username'];
    $points = $_SESSION['points'];

    if ($points >=500) {
      echo " test value is more than 500";
    } // close the second if
    else {
      echo " test value is less than 500";  //test
      echo '<script type="text/javascript">';
      echo 'setTimeout(function () { swal({type: "error",title: "Oops...",text: "You do not have enough points!",buttonsStyling: false,heightAuto: false});';
      echo '}, 1000);</script>';
    }
} // close the first if
D P
  • 41
  • 4
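The redirect approach above, together with the commenters' point that a claim must not be repeatable on the server, as an added example that is not part of the original answers. It assumes the 500-point threshold from the question; the session keys `claim_token` and `flash` are hypothetical names, and the reward logic itself is left as a placeholder.

```php
<?php
// Added example, not code from the thread.
// 'claim_token' and 'flash' are hypothetical session keys.
session_start();

// Handle the claim before ANY output is sent, otherwise header() fails
// with "headers already sent".
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['reward'])) {
    $sent   = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
    $stored = $_SESSION['claim_token'] ?? '';
    unset($_SESSION['claim_token']);   // single use: a refresh or replay finds no token

    if ($stored === '' || !hash_equals($stored, $sent)) {
        $_SESSION['flash'] = 'This claim was already processed or has expired.';
    } elseif ((int) ($_SESSION['points'] ?? 0) < 500) {
        $_SESSION['flash'] = 'You do not have enough points!';
    } else {
        // Placeholder: grant the reward here (application-specific).
        $_SESSION['flash'] = 'Reward claimed.';
    }

    // Post/Redirect/Get: the browser lands on a plain GET, so refreshing
    // re-requests the page instead of re-sending the claim.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

// GET: issue a fresh one-time token and pick up the message from the last claim.
$_SESSION['claim_token'] = bin2hex(random_bytes(32));
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<?php if ($flash !== ''): ?>
<p><?php echo htmlspecialchars($flash, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form method="post">
    <input type="hidden" name="token"
           value="<?php echo htmlspecialchars($_SESSION['claim_token'], ENT_QUOTES, 'UTF-8'); ?>">
    <button type="submit" name="reward" value="1">Claim reward</button>
</form>
```

Because the token is checked and discarded on the server, the result does not depend on what the address bar shows.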
0

For future readers:

Put this code at the top of your page

<script>    
    if(typeof window.history.pushState == 'function') {
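        // json_encode with the HEX flags emits a safely quoted JS string; echoing PHP_SELF raw allows script injection via the URL path
        window.history.pushState({}, "Hide", <?php echo json_encode($_SERVER['PHP_SELF'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);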
    }
</script>

*ANSWERED

OkayDaddy
  • 9
  • 2
-1

Add one line to the echo of the JS code:

  echo '<script type="text/javascript">';
  echo 'history.pushState(null, null, url);';
  echo '</script>';

Where url is the full domain name of your site.

Vladimir
  • 99
  • 8