Solved

Display random text file to visitor, but same file if they refresh the page.

Posted on 2015-01-20
8
17 Views
Last Modified: 2016-04-20
I've been trying to find a script that can do the following;

I'd like to display the contents of a random text file in a box on a webpage.

There are 80 different text files in total, that I will store in a folder.

Each visitor should see a random file when they first visit, but if they then refresh the page, I want the same file to be displayed to them. (For a max period of 24 hours say.)

It should also display the name of the text file displayed.

Any help you can give is greatly appreciated.

Thanks
0
Comment
Question by:phaygarth
  • 3
  • 2
8 Comments
 
LVL 24

Expert Comment

by:mankowitz
ID: 40560881
you want to save the text file in the session and then re use it as needed. For example

session_start();
if (!isset($_SESSION['filename'])) {
   // pick a random file
   $_SESSION['filename'] = rand().....;
}

   // show the file that you want
   // for example
   echo file_get_contents($_SESSION['filename']);
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 40560885
Since sessions expire after 24 minutes of inactivity, I would set a cookie that is good for 24 hours with the name of the file or at least an index to it.  Read the cookie when the page is loaded and deliver the appropriate file.  If there is no cookie, pick a 'random' file and set a new cookie.
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40560900
You can change session lifetime if you need to:

ini_set('session.gc_maxlifetime', 84600);
session_set_cookie_params(84600);
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 40560961
It's true that you can change the session lifetime, but that does not account for the events that may occur when the client closes the browser or moves to a different subdomain.  Session cookies are normally set with a lifetime of "zero" and the browser-close event causes the cookie (and therefore the session) to be lost.  Further explanation here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html

Some additional commentary here:
http://php.net/manual/en/function.session-set-cookie-params.php#100657

I think DaveBaldwin's cookie + file solution may be better than the PHP session since it will be simpler (at least that's the way I see it).  The PHP session creates internal dependencies.  In contrast, these dependencies can be determined by you and injected into a session-independent solution.
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 40561240
@ray, of course, the user could edit the cookie to see a different file, which is harder than faking a sessionID
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40561717
@mankowitz: agree, and there are ways that we can reduce the risk of cookie tampering.  Most frameworks already implement something like this.  With broad questions like this one there are always many layers to the solutions!

<?php // cookie_security.php

/**
 * Demonstrate how to encode information in a cookie
 * to reduce the risk of cookie tampering
 *
 * A salted message digest is included with the cookie
 *
 * If the message digest does not match the value of the cookie
 * we can assume that the cookie has been damaged and we can
 * discard it
 */
error_reporting(E_ALL);

// A DATA DELIMITER
$dlm = '|';

// YOUR OWN SECRET CODE - THE 'SALT' STRING
$secret_code = 'MY SECRET';

// A DATA STRING THAT WE WANT TO STORE (MIGHT BE A DATABASE KEY OR SIMILAR)
$cookie_value = 'MARY HAD A LITTLE LAMB';

// ENCODE THE DATA STRING TOGETHER WITH OUR SECRET
$cookie_code = md5($cookie_value . $secret_code);

// CONSTRUCT THE COOKIE STRING WITH THE CLEAR TEXT AND THE CODED STRING
$safe_cookie_value = $cookie_value . $dlm . $cookie_code;

// SET THE COOKIE LIKE "MARY HAD A LITTLE LAMB|cf783c37f18d007d23483b11759ec181"
setcookie('safe_cookie', $safe_cookie_value);



/**
 * WHEN STORED, THE COOKIE WILL BE URL-ENCODED SO IT WILL LOOK SOMETHING LIKE THIS ON THE BROWSER
 * MARY+HAD+A+LITTLE+LAMB%7Ccf783c37f18d007d23483b11759ec181
 * IT WILL BE URL-DECODED BEFORE IT IS PRESENTED TO PHP
 */

// HOW TO TEST THE COOKIE
if (isset($_COOKIE["safe_cookie"]))
{
    // BREAK THE COOKIE VALUE APART AT THE DELIMITER
    $array = explode($dlm, $_COOKIE["safe_cookie"]);

    // ENCODE THE DATA STRING TOGETHER WITH YOUR SECRET
    $cookie_test = md5($array[0] . $secret_code);

    // IF THE MD5 CODES DO NOT MATCH, THE COOKIE IS NO LONGER INTACT
    if ($cookie_test == $array[1])
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS INTACT";
    }
    else
    {
        // WHEN THE COOKIE HAS BEEN DAMAGED, DISCARD IT
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} HAS BEEN CORRUPTED AND CANNOT BE USED";
        $_COOKIE['safe_cookie'] = NULL;
		setcookie('safe_cookie', NULL, time()-86400);
    }
}
else
{
    die('COOKIE IS SET - REFRESH THE BROWSER WINDOW NOW');
}




// MUNG THE COOKIE TO DEMONSTRATE WHAT HAPPENS WITH A CORRUPT COOKIE
$_COOKIE["safe_cookie"] = str_replace('MARY', 'FRED', $_COOKIE["safe_cookie"]);

// HOW TO TEST THE COOKIE
if (isset($_COOKIE["safe_cookie"]))
{
    // BREAK THE COOKIE VALUE APART AT THE DELIMITER
    $array = explode($dlm, $_COOKIE["safe_cookie"]);

    // ENCODE THE DATA STRING TOGETHER WITH OUT SECRET
    $cookie_test = md5($array[0] . $secret_code);

    // IF THE MD5 CODES DO NOT MATCH, THE COOKIE IS NO LONGER INTACT
    if ($cookie_test == $array[1])
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} IS INTACT";
    }
    else
    {
        echo "<br/>THE COOKIE {$_COOKIE["safe_cookie"]} HAS BEEN CORRUPTED AND CANNOT BE USED";
    }
}

Open in new window

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction Chart.js, used properly, can visually add a difference to your charting applications. It engages your visitors and allows them to interact with data they otherwise wouldn't be able to without expensive and complicated systems. For this…
Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now