IF doing things backwards



Herz0g
01-16-2010, 06:07 AM
I have a simple script I want to be accessible only through its referring page and not directly via URL i.e. typed into the address bar.

So what I've come up with is an intermediary jump page that starts a session, adds a second variable and then redirects to script.php

The idea is that you can't access script.php without going through the initial 2 pages first i.e. page.php -> jump.php -> script.php

Here is the code:

page.php

<a href="http://www.mysite.com/jump.php?xyz=ABC">Script</a>

jump.php

<?php
session_start();
$_SESSION['var1'] = $_GET['xyz'];
$foobar = "123";
$_SESSION['var2'] = $foobar;
header( 'Location: http://www.mysite.com/script.php' ) ;
?>

script.php

<?php
$pass = $_SESSION['var1'].$_SESSION['var2'];
$pass = true;
if ( !$pass )
{
echo "<b>403 Forbidden</b>";

}
else
{


// execute script


}
session_unset();
session_destroy();
?>




I think it's clear what I want here, the 2 variables have to be matched and validated before the script can be executed, so accessing either jump.php or script.php directly will result in a 403.

The problem is that in practice it's all backward and script.php is still accessible directly or through jump.php. Namely,

if ( !$pass )
oddly results in a :thumbsup: and execution of the script while

if ( $pass )
results in "403 Forbidden," when it should clearly be the other way round. And as mentioned, script.php is accessible directly.

However

echo $pass;
outputs the correct "ABC123" when script.php is accessed via page.php, in this case accessing script.php directly results in a desired blank screen.

Any ideas on why this works with ECHO but not with IF?

Thanks.

Puffin the Erb
01-16-2010, 10:29 AM
You need to start the session, also I have changed your test to what I think you wanted.
Change script.php as follows :



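<?php
// Resume the session that jump.php started; $_SESSION stays empty until this runs.
session_start();
// Join the two session values, using '' for any that are not set.
$pass = isset($_SESSION['var1']) ? $_SESSION['var1'] : '';
$pass .= isset($_SESSION['var2']) ? $_SESSION['var2'] : '';

if ( $pass !== 'ABC123')
{
echo "<b>403 Forbidden</b>";

}
else
{


// execute script


}
// Clear the session so the stored values do not carry over to a later request.
session_unset();
session_destroy();
?>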
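
Added example, not part of the original posts: the same session gate with the fixed 'ABC123' value replaced by a random single-use token that page.php stores in the session and puts in the link, and that script.php compares and consumes. The function names, the session keys and the 60-second lifetime are assumptions, and a plain array stands in for $_SESSION so the file runs from the command line.

```php
<?php
// Added example, not code from the thread. Function names, session keys
// and GATE_TTL are assumptions made for illustration.
const GATE_TTL = 60; // seconds a token stays valid

// page.php, after session_start(): create the token that goes in the link,
// e.g. script.php?t=TOKEN, with $token = issue_gate_token($_SESSION, time());
function issue_gate_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16)); // unpredictable, different per visitor
    $session['gate_token'] = $token;
    $session['gate_expires'] = $now + GATE_TTL;
    return $token;
}

// script.php, after session_start(): true only for the token issued to
// this session, once, and before it expires.
function consume_gate_token(array &$session, $presented, int $now): bool
{
    $expected = $session['gate_token'] ?? null;
    $expires = $session['gate_expires'] ?? 0;
    unset($session['gate_token'], $session['gate_expires']); // single use
    if (!is_string($expected) || !is_string($presented) || $now > $expires) {
        return false;
    }
    return hash_equals($expected, $presented); // constant-time comparison
}

// In script.php the check would read:
//   session_start();
//   if (!consume_gate_token($_SESSION, $_GET['t'] ?? null, time())) {
//       http_response_code(403);
//       exit('403 Forbidden');
//   }

// Constructed demo: $session stands in for $_SESSION, times are fixed integers.
$session = [];
$token = issue_gate_token($session, 1000);
var_dump(consume_gate_token($session, $token, 1010)); // link followed in time
var_dump(consume_gate_token($session, $token, 1011)); // same token again
var_dump(consume_gate_token($session, null, 1012));   // direct visit, no token
$late = issue_gate_token($session, 2000);
var_dump(consume_gate_token($session, $late, 2000 + GATE_TTL + 1)); // expired
```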

JAY6390
01-16-2010, 01:28 PM
If you're using sessions you shouldn't require the referrer URL stuff. I find it quite long-winded for just getting a page to run.


