...

View Full Version : .htaccess help needed



Jedi Knight
02-14-2008, 05:48 PM
I read an article from someone here about restricting access to a page from certain url.
How can I grant access to a page to only a certain url?

To clarify, I have a page on my server that I want to block access to all people unless they are redirected there from a certain page.
Can .htaccess do this and what would the code look like?
Thanks for any help.

mlseim
02-14-2008, 08:16 PM
I think people can spoof a URL referrer:
http://www.google.com/search?q=php+url+referrer+spoof&btnG=Search&hl=en&safe=off

That means they could get past the .htaccess?

And what if some people disable passing of the HTTP_REFERER variable in their browsers?

Maybe using PHP sessions would be better?
If they login using PHP sessions, you could restrict pages based on a login.

Just some thoughts ... wait and see what others might say.
I'm not an .htaccess expert myself.

Jedi Knight
02-14-2008, 10:30 PM
The page does not require logins.
I only want access after redirecting from PayPal.
I have a service that is linked to PayPal (step one), then after paying is redirected to the next page (step two) to complete the transaction. I don't want anyone to be able to bypass step one, but no login is required.

I don't know if this makes it harder or easier to do with php.
I wouldn't think it would make any difference with .htaccess whether they're logged in or not.
Anyway, thanks and let's wait and see what others think.

mlseim
02-15-2008, 02:27 AM
With PayPal, you use an IPN number to return back.

Have you been to the PayPal developer's site?
You can create a "sandbox" to play with, and use
fake buyer and seller to test your script(s). They
actually have a "fake" credit card too for an actual
realistic test without doing a real transaction.

Jedi Knight
02-15-2008, 01:47 PM
I already have the paypal code tested and in place.
What worries me is someone who pays and goes to step two, then bookmarks the url of step two and can return there anytime to use the service without going to step one first.
Unless, since they're not logged in, 'define in phpBB true' would stop this. Let me test this without my cookie.

Well that was silly, if it would have stopped it then, it would have stopped it from redirecting there from PayPal. Too early to be thinking, I guess. lol.

Jedi Knight
02-18-2008, 03:19 AM
Well I've managed to put some JS together to do this, which will work if I'm dealing with someone not smart enough to disable it. But I'll use it till something better comes along.

Here's the script if anyone cares:


<script type="text/javascript">
<!-- Begin
// Pages a visitor is allowed to arrive from.
var arrURL = new Array();

arrURL[0] = "http://my.com/page1.html";
arrURL[1] = "http://my.com/page2.html";

var boolValidReferrer = false;

// Compare the browser-reported referrer against each allowed URL.
for (var i = 0; i < arrURL.length; i++) {
    if (arrURL[i].toLowerCase() == document.referrer.toLowerCase()) {
        boolValidReferrer = true;
        break;
    }
}

if (!boolValidReferrer) { // if they didn't find a match then do some action...
    alert("You must pay first to use this service");
    window.location.href = "http://my.com/redirected-to.html";
}
// End -->
</script>

mlseim
02-18-2008, 03:41 AM
Don't look into PHP cookies ... look into PHP sessions.
Search Google for PHP sessions.

Jedi Knight
02-18-2008, 04:19 PM
Don't look into PHP cookies ... look into PHP sessions.
Search Google for PHP sessions.

After searching Google and reading through dozens of pages, I am certain that this will be way over my head. I have almost no php knowledge.
You have been more than helpful, thank you.
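
The server-side approach suggested in the thread (PHP sessions instead of the Referer header), as an added example that is not from any poster. The function names, the `$isPaid` lookup and the idea of sending the order id along with the payment so it can be recorded as paid are assumptions.

```php
<?php
// Added example (not from the thread). Gate step two on server-side state
// instead of the Referer header, which the browser controls or may omit.

// Step one: before sending the visitor to the payment page, remember a
// random order id in their session. Assumption: the same id is sent along
// with the payment so the seller's payment-notification handler can record
// it as paid.
function start_checkout(array &$session): string
{
    $session['order_id'] = bin2hex(random_bytes(16));
    return $session['order_id'];
}

// Step two: allow entry only if this session started a checkout AND that
// order is recorded as paid. $isPaid is a hypothetical lookup against the
// seller's own payment records. The id is consumed on success, so a
// bookmarked step-two URL does not work a second time.
function may_enter_step_two(array &$session, callable $isPaid): bool
{
    $orderId = $session['order_id'] ?? null;
    if (!is_string($orderId) || !$isPaid($orderId)) {
        return false;
    }
    unset($session['order_id']);
    return true;
}

// Constructed demo with an in-memory session and payment table. On a real
// page, call session_start() and pass $_SESSION instead of $session.
$paidOrders = [];
$isPaid = function (string $id) use (&$paidOrders): bool {
    return isset($paidOrders[$id]);
};

$session = [];
var_dump(may_enter_step_two($session, $isPaid)); // direct visit, no checkout
$id = start_checkout($session);
var_dump(may_enter_step_two($session, $isPaid)); // checkout started, not yet paid
$paidOrders[$id] = true;                         // payment gets recorded
var_dump(may_enter_step_two($session, $isPaid)); // first visit after payment
var_dump(may_enter_step_two($session, $isPaid)); // same URL visited again
```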


