Herz0g
01-16-2010, 06:07 AM
I have a simple script I want to be accessible only through its referring page and not directly via URL i.e. typed into the address bar.
So what I've come up with is an intermediary jump page that starts a session, adds a second variable and then redirects to script.php
The idea is that you can't access script.php without going through the initial 2 pages first i.e. page.php -> jump.php -> script.php
Here is the code:
page.php
<a href="http://www.mysite.com/jump.php?xyz=ABC">Script</a>
jump.php
<?php
session_start();
$_SESSION['var1'] = $_GET['xyz'];
$foobar = "123";
$_SESSION['var2'] = $foobar;
header( 'Location: http://www.mysite.com/script.php' ) ;
?>
script.php
<?php
$pass = $_SESSION['var1'].$_SESSION['var2'];
$pass = true;
if ( !$pass )
{
echo "<b>403 Forbidden</b>";
}
else
{
// execute script
}
session_unset();
session_destroy();
?>
I think it's clear what I want here, the 2 variables have to be matched and validated before the script can be executed, so accessing either jump.php or script.php directly will result in a 403.
The problem is that in practice it's all backward and script.php is still accessible directly or through jump.php. Namely,
if ( !$pass )
oddly results in a :thumbsup: and execution of the script while
if ( $pass )
results in "403 Forbidden," when it should clearly be the other way round. And as mentioned, script.php is accessible directly.
However
echo $pass;
outputs the correct "ABC123" when script.php is accessed via page.php; in this case accessing script.php directly results in a desired blank screen.
Any ideas on why this works with ECHO but not with IF?
Thanks.
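One way to build the gate described in the post, as an added example that is not the poster's code: page.php issues a random single-use token and script.php compares it with the value stored in the session, rather than assigning `true` to `$pass` as the posted script.php does on its second line. The function names, the `gate_token` session key and the `t` query parameter are assumptions, and the random token goes beyond the post's fixed `ABC`/`123` values, which are the same for every visitor.

```php
<?php
// Added example, not the poster's code. Function names, the 'gate_token'
// key and the 't' parameter are hypothetical. Each function takes the
// session array by reference so the logic also runs from the CLI; in a web
// page call session_start() first and pass $_SESSION.

// page.php: create a random one-time token and return it for the link.
function issue_token(array &$session): string
{
    $session['gate_token'] = bin2hex(random_bytes(16));
    return $session['gate_token'];
}

// script.php: true only if the request carries the token stored for this
// session. The token is consumed, so a reload or a pasted URL fails.
function check_token(array &$session, $supplied): bool
{
    $expected = $session['gate_token'] ?? null;
    unset($session['gate_token']);            // single use
    if (!is_string($expected) || !is_string($supplied)) {
        return false;                         // nothing stored or nothing sent
    }
    return hash_equals($expected, $supplied); // a comparison, in constant time
}

// Wiring inside script.php (shown as a comment so this file runs stand-alone):
//   session_start();
//   if (!check_token($_SESSION, $_GET['t'] ?? null)) {
//       http_response_code(403);
//       exit('403 Forbidden');
//   }

// Constructed walk-through with in-memory arrays in place of $_SESSION.
$visitor = [];
$token   = issue_token($visitor);             // page.php renders ?t=<token>
var_dump(check_token($visitor, $token));      // followed the link from page.php
var_dump(check_token($visitor, $token));      // same URL requested again
$direct = [];
var_dump(check_token($direct, null));         // script.php requested with no token
var_dump(check_token($direct, 'ABC123'));     // fixed value from the post, no session entry
```

With a token issued by page.php and checked in script.php, the intermediate jump.php hop is no longer needed for the check itself.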