12 {{ upvoteCount | shortNum }}
12 {{ upvoteCount | shortNum }}

Wanting to hide signup page within PHP Login script

by daniel27lt
10 replies
Hi there,

I have a question that I seem not to be able to find online else so I'm hoping someone here can help me.

The question I have is I am in the process of creating a membership site. I have completed the login process correctly with a PHP login script I found online. I have installed the script correctly such as database, protecting certain pages etc.

The problem I am having is I am wanting to hide the URL where the registration page is found where users can signup (e.g. mywebsite.com/register.php). For example, I am wanting users to be able to login any time (mywebsite.com/login.php from a link I provide on the home page), but I am wanting to hide the signup page as user will get access to the registration page once they have made payments. But the problem is if the user has a little bit of knowledge about login scripts, there should know just to type in either signup.php or register.php (where the login script is located) to get access to this page for free.

For example, could I some how change the register.php name to something like register229102.php without the entire script not working?

Thanks Kindly,
Daniel
#hide #login #page #php #script #signup #wanting
  • Profile picture of the author Bruce Hearder
    Hi..

    You could do this a few way..
    I'm only going to explain the processess briefly, becuase i don't know your coding skill level.

    1. Use a .htaccess fix
    Only allow the visitor to reach the page if they came after visiting a certain page first. This could work if you make them visit the page first, but if you want to send them the url in an email ect then this method will fail.

    2. Another approach would be to send them to the home page, then drop a cookie on their computer that uniquely identifies them.
    If they visit the signup page and have a cookie, then process the signup.
    Otherwise, send them somewhere else..

    3. You could pass a parameter in the URL that links to a user.
    So something like :

    www.yoursite.com/register.php?some_id=1234

    This means they can get it via emai, PM, face book whatever. Plus, once the user has registered, the page is then useless to anyone else reaching the page.

    I hope these ideas can help

    Bruce
    {{ DiscussionBoard.errors[7787590].message }}
    • Profile picture of the author daniel27lt
      Hi Bruce,

      Thanks for your response and your time. The first option soulds like what I am looking for. I know a little bit about .htaccess files but not enough to execute the task. How would I do this?

      Also, how would I pass a parameter in the URL that links to a user if I were to use this option (even before they become a user)? What option should be recommended As well?

      Daniel
      Signature
      Download Free PLR Products to give away to build your list. Find all the most up-to-date PLR on the market.
      {{ DiscussionBoard.errors[7792581].message }}
      • Profile picture of the author Bruce Hearder
        Hi Dan..

        Some answers..

        Part 1, the htaccess way


        How is some HTACCESS code that might do what you want..

        <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_URI} ^/the-page-you-want-to-protect/?(.*)$ [NC]
        RewriteCond %{HTTP_REFERER} !^http://www\.mydomain\.com/(.*) [NC]
        RewriteRule ^.*$ http://www.mydomain.com/ [R=301,L]
        </IfModule>

        What this will do..

        Only allow access to a page called "the-page-you-want-to-protect/" only if they came from mydomain.com. If they didn't then, If a website visitor does not, then send them to the home page..

        Part 2.. The cookie way (unique id).

        Put on signup page.. If no cookie present, then visitor is redirected to mydomain.com
        Of course, if visitor has javascript turned off (unlikely, but possible) then no checking and no redirection will take place.

        <head>
        <script>
        function getCookie(name)
        {
        var cookieName = name + "=";
        var docCookie = document.cookie;
        var cookieStart;
        var end;
        if (docCookie.length>0)
        {
        cookieStart = docCookie.indexOf(cookieName);
        if (cookieStart != -1)
        {
        cookieStart = cookieStart + cookieName.length;
        end = docCookie.indexOf(";",cookieStart)
        if (end == -1)
        {
        end = docCookie.length;
        }
        return unescape(docCookie.substring(cookieStart,end));
        }
        }
        return false
        }
        </script>
        </head>
        <body>
        <script language="JavaScript" type="text/javascript">
        if (!getCookie("testCookie1") window.location("http://www.mydomain.com");
        </body>


        On page you want visitor to come from, this will drop a cookie on their computer using the time as a unique idetifier.
        <head>
        <script>
        var cookieTime = new Date;
        var cookieData = "recordedCookieTime:" + cookieTime;
        document.cookie = "testCookie1" + "=" + cookieData + ";path=/";
        </script>
        </head>


        I hope some of this helps

        Bruce
        {{ DiscussionBoard.errors[7792972].message }}
        • Profile picture of the author daniel27lt
          Originally Posted by Bruce Hearder View Post

          Hi Dan..

          Some answers..

          Part 1, the htaccess way


          How is some HTACCESS code that might do what you want..

          <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteBase /
          RewriteCond %{REQUEST_URI} ^/the-page-you-want-to-protect/?(.*)$ [NC]
          RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/(.*) [NC]
          RewriteRule ^.*$ http://www.mydomain.com/ [R=301,L]
          </IfModule>

          What this will do..

          Only allow access to a page called "the-page-you-want-to-protect/" only if they came from mydomain.com. If they didn't then, If a website visitor does not, then send them to the home page..

          Part 2.. The cookie way (unique id).

          Put on signup page.. If no cookie present, then visitor is redirected to mydomain.com
          Of course, if visitor has javascript turned off (unlikely, but possible) then no checking and no redirection will take place.

          <head>
          <script>
          function getCookie(name)
          {
          var cookieName = name + "=";
          var docCookie = document.cookie;
          var cookieStart;
          var end;
          if (docCookie.length>0)
          {
          cookieStart = docCookie.indexOf(cookieName);
          if (cookieStart != -1)
          {
          cookieStart = cookieStart + cookieName.length;
          end = docCookie.indexOf(";",cookieStart)
          if (end == -1)
          {
          end = docCookie.length;
          }
          return unescape(docCookie.substring(cookieStart,end));
          }
          }
          return false
          }
          </script>
          </head>
          <body>
          <script language="JavaScript" type="text/javascript">
          if (!getCookie("testCookie1") window.location("http://www.mydomain.com");
          </body>


          On page you want visitor to come from, this will drop a cookie on their computer using the time as a unique idetifier.
          <head>
          <script>
          var cookieTime = new Date;
          var cookieData = "recordedCookieTime:" + cookieTime;
          document.cookie = "testCookie1" + "=" + cookieData + ";path=/";
          </script>
          </head>


          I hope some of this helps

          Bruce
          For some reason it's not working, maybe I'm not doing it right? I have created a .htaccess file and placed the code within it. I modified the required fields with my details.

          The page I am wanting to protect is in 3 sub-directories. How would I do this exactly as I tried a number of ways and still didn't work? e.g.

          Code:
          A RewriteCond %{REQUEST_URI} ^/members/gold/the-page-you-want-to-protect/?(.*)$ [NC]
          I tried placing the .htaccess file within the root directory as well as in the directory where the page I am wanting to protect, but still does not seem to work.

          What am I doing wrong?

          Thanks
          Signature
          Download Free PLR Products to give away to build your list. Find all the most up-to-date PLR on the market.
          {{ DiscussionBoard.errors[7796336].message }}
  • Profile picture of the author Andrew H
    This is how I would do it:

    When a user makes a payment add a record to the DB with a unique string (generate something like this substr(md5(rand()), 0, 40) ). For your registration page add this string as a GET variable to the URL (ie: registration.php?regid=45e197e725f510863506436d2ca f9b4a). When the user loads the registration.php page ensure that the regid is in the DB with a query (SELECT regid FROM paymentids WHERE regid = $_GET['regid'][this is just written out quickly, use parametrised queries]), if no results are found send them to the login page. After a user registers on the page remove the regid from the DB so it can't be used again.

    STEPS:
    1. When user makes payment add a record with a unique string to the dabatase
    2. Send them to the registration page with a $_GET variable appended to the URL that is that unique string stored in the database (registration.php?regid=asdasdasdasd)
    3. On the registration page check to be sure the $_GET variable (ie: .php?regid=asdasdas) is in the database, if not send the user to the login page ->
    $results = [your mysql query];
    if(empty($results['regid'])) { header('Location: login.php'); exit(); }
    4. After a user signs up remove this regid from the database.


    EDIT: Why don't you just include the payment in the signup process? it would be much easier.
    Signature
    "You shouldn't come here and set yourself up as the resident wizard of oz."
    {{ DiscussionBoard.errors[7794713].message }}
    • Profile picture of the author daniel27lt
      Originally Posted by Andrew H View Post

      This is how I would do it:

      When a user makes a payment add a record to the DB with a unique string (generate something like this substr(md5(rand()), 0, 40) ). For your registration page add this string as a GET variable to the URL (ie: registration.php?regid=45e197e725f510863506436d2ca f9b4a). When the user loads the registration.php page ensure that the regid is in the DB with a query (SELECT regid FROM paymentids WHERE regid = $_GET['regid'][this is just written out quickly, use parametrised queries]), if no results are found send them to the login page. After a user registers on the page remove the regid from the DB so it can't be used again.

      STEPS:
      1. When user makes payment add a record with a unique string to the dabatase
      2. Send them to the registration page with a $_GET variable appended to the URL that is that unique string stored in the database (registration.php?regid=asdasdasdasd)
      3. On the registration page check to be sure the $_GET variable (ie: .php?regid=asdasdas) is in the database, if not send the user to the login page ->
      $results = [your mysql query];
      if(empty($results['regid'])) { header('Location: login.php'); exit(); }
      4. After a user signs up remove this regid from the database.


      EDIT: Why don't you just include the payment in the signup process? it would be much easier.
      Hi there Andrew,

      Thanks for your reply. This sound's like another good option. But does this mean I have to individually remove the regid from my database every time someone registers?

      The idea behind my membership site will be once a user makes a payment via redirecting to a secure Clickbank payments page (as I am using Clickbank as my payment options) and once the user has made payments they are then redirected to the thank you page, when then the user will click a link to be redirected to the register.php page where they sign up and get access from there. And they can login from the home page once they have become a member. I hope this has made an understanding of my idea.

      I have everything already set up and would just like an easy way to hind the register.php URL as I am not to techy when it comes to PHP.

      Thanks
      Signature
      Download Free PLR Products to give away to build your list. Find all the most up-to-date PLR on the market.
      {{ DiscussionBoard.errors[7796727].message }}
  • Profile picture of the author Andrew H
    You could manually remove the regid from the database but this would be the wrong/slow/painful way to do it. I am not familiar with clickbank, but I would assume they have a hook that when a user makes a payment for a product they are redirected to a 'Thank you' page on your server with some $_POST or $_GET data. So it would be done via this... however I will stop explaining now because if you are not familiar with PHP & MySQL this will all just start to be jiberish.

    This is the best solution, the one I explained in my other post, however you need a good understanding of PHP & MySQL to implement it. So it might not be the right solution for you.
    Signature
    "You shouldn't come here and set yourself up as the resident wizard of oz."
    {{ DiscussionBoard.errors[7797695].message }}
    • Profile picture of the author daniel27lt
      Originally Posted by Andrew H View Post

      You could manually remove the regid from the database but this would be the wrong/slow/painful way to do it. I am not familiar with clickbank, but I would assume they have a hook that when a user makes a payment for a product they are redirected to a 'Thank you' page on your server with some Array or Array data. So it would be done via this... however I will stop explaining now because if you are not familiar with PHP & MySQL this will all just start to be jiberish.

      This is the best solution, the one I explained in my other post, however you need a good understanding of PHP & MySQL to implement it. So it might not be the right solution for you.
      Thank you Andrew once again for explaining this to me. You are right, this sounds like what I am wanting, but I do not understand it enough at present to complete this task. I will most likely have to hire someone to do this for me. Once again thanks you for your time and knowledge. I really appreciate it.
      Signature
      Download Free PLR Products to give away to build your list. Find all the most up-to-date PLR on the market.
      {{ DiscussionBoard.errors[7798117].message }}
      • Profile picture of the author tangopoint
        If someone is going to code this in php using session variables would be the easiest way.

        After the first action is completed a session session_start() and $_SESSION['variable'] would be set.

        On the register.php a simple if (isset($_SESSION['variable'] )) could check.

        This may sound like gibberish, but if you have someone familiar with php code it they won't have any problems with it.
        {{ DiscussionBoard.errors[7823624].message }}
  • Profile picture of the author Steve Fleming
    Or you could just use s2member plugin if you're using WordPress and
    make the job a lot easier for yourself.

    Steve
    Signature

    {{ DiscussionBoard.errors[7823668].message }}
  • Profile picture of the author nottouppy
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[8205046].message }}

Trending Topics