0

I have a doubt about how I can check an URL like this: 

http://your.url/set_new_password.php?userid=564979&code=54c4a2767c2f485185ab72cdcf03ab59

I need to check if the userid exists in the database and if the userid is associated to the hash in the link.

I Read that it is not possible check the url within php. If so, is it possible to solve this problem? I need to verify if the hash and userid present in the link exist in the database.

Any other alternatives?

anvd
  • 3,997
  • 19
  • 65
  • 126
  • Hi, why do you want to check the url?? You get the needed values by $_GET['userid'] and $_GET['code'] – strauberry Mar 21 '11 at 19:54
  • $_GET['userid'] and $_GET['code'], who says you can't check the url with php?????? –  Mar 21 '11 at 19:54

4 Answers4

2

use the $_GET variable in php

$_GET['userid']

see tutorial here

Naftali
  • 144,921
  • 39
  • 244
  • 303
2

The variables userid and code in the URL are made available to PHP in an array called GET:

echo $_GET['userid']; // 564979

If you have a hash (or fragment) in your URL, this won't get back to PHP:

www.mysite.com?val=1#part2

In the above, PHP can see the domain and the val variable, but not #part2. Sites that use the hash to significantly change the page (eg GMail) use javascript to pull in new content when the hash changes.

Be sure to sanitize your variables before using them, to avoid malicious users being able to hack into your system. This is a big topic, but read up on the following:

If you don't sanitize, someone could change your url so that the variable is set to:

;DELETE * FROM mytable;

When you query your db without sanitising your inputs, you could lose all your data.

Shadow The GPT Wizard
  • 66,030
  • 26
  • 140
  • 208
Adam Hopkinson
  • 28,281
  • 7
  • 65
  • 99
  • but it is so simple, your code checks the URL portion - userid? i read in this link that php can't read the url :http://stackoverflow.com/questions/940905/can-php-read-the-hash-portion-of-the-url i already read sanitize, what mean that process? thanks – anvd Mar 21 '11 at 20:02
  • PHP can't read the #hash part of the URL in the linked question. PHP is server side, the hash can only be seen by the client (browser). – Adam Hopkinson Mar 21 '11 at 20:04
  • but to check if the hash exists in the database the php have to read the #hash part of the URL, or i am confusing the problem? – anvd Mar 21 '11 at 20:06
  • 1
    You're confusing the hash in your case (the value of `code`), with a url hash (which is the part of the url starting with #). You only need the value of `$_GET['code']` - there is no url hash in your url. – Adam Hopkinson Mar 21 '11 at 20:09
  • # URL name Attribute not same as a Cryptographic hash –  Mar 21 '11 at 20:10
0

In PHP, the $_GET array has the url parameters. So in this case, you'd use $_GET['userid'] and $_GET['code']

Adrian Gonzales
  • 1,010
  • 6
  • 8
0

See Server consist of apache , php , mysql . When you access this url through your browser it is first send to apache which forwards your request to php . Php takes full controle from there on . A request made by client browser consist of various data which can be divided into types cookies , headers , post , get request . All these data can be access in there respective suprglobal variables in php $_GET , $_POST and so on . In your case you need to access $_GET . so do $_GET['userid'] to access userid , and $_GET['code'] to access code . Lastly you would connect ot MYSQL and do querly like "Select * from users where 'userid' = $_GET['userid'] and 'code' = $_GET['code'] " ;

Mr Coder
  • 8,169
  • 5
  • 45
  • 74