...

View Full Version : Page to Page



IFeelYourPain
02-16-2010, 05:15 AM
How can I make it so if a user who did not come from topic.php can not access the download.php page. I have information being passed from the topic.php page to the download page and I don't want them being able to access it without it being passed.

Dormilich
02-16-2010, 05:26 AM
check for the required information and deny the access, if not provided. you could also try the referrer header, but I remember it being not always sent.

Fou-Lu
02-16-2010, 05:26 AM
You can use a session for this. The only alternative is to detect the $_SERVER['HTTP_REFERER'], but this is provided via client side, so it is spoofable. At least with the session, you can mostly control this.
Its simply a matter of setting the referrer on the topic.php page into a session, then detecting it on download.php.


// topic.php
<?php
session_start();
$_SESSION['referrer'] = 'topic';
... do stuffs.
?>

//download.php
<?php
session_start();
if (!isset($_SESSION['referrer']) || $_SESSION['referrer'] != 'topic')
{
die ('Invalid page!');
// or do something, redirect whatever
}

.. do stuffs.
?>

IFeelYourPain
02-16-2010, 05:40 AM
How long is the session suppose to last? Cause after one test it worked, but after that I can consistently get back into the page without using topic.php.

Dormilich
02-16-2010, 06:39 AM
then you obviously would have to delete the session referrer variable after using it.

_Aerospace_Eng_
02-16-2010, 06:49 AM
then you obviously would have to delete the session referrer variable after using it.
e.g.

//download.php
<?php
session_start();
if (!isset($_SESSION['referrer']) || $_SESSION['referrer'] != 'topic')
{
die ('Invalid page!');
// or do something, redirect whatever
}
unset($_SESSION['referrer']); // deletes the session.
.. do stuffs.
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum