Hi there...

I'm using Mambo CMS for the main page of my site (www.fj1200.nl) and I also installed the PHPBB forum script standalone so not as a Mambo component (www.fj1200.nl/forum).

What I want to do is that when people set their homepage directly to "www.fj1200.nl/forum" that they get redirected to "www.fj1200.nl".
They should only be able to get to the forum by clicking on a link on "www.fj1200.nl".

I've been playing around a bit with "http_referer" and I can get it to go from "forum" to the homepage but when I use the link on the homepage it doesn't go to the forum but again get's redirected to the homepage.
I also understand, from reading a lot of posts, that using HTTP_referer isn't a reliable procedure.

Does anybody have another idea on how to get this to work? I mean...it can be done can't it ?
I don't care if it's done through HTTP_referer or any other way....it's the result that counts :)

Thanks for thinking with me on this...

http_referer can be empty or faked. you shouldn't use it. You could 'emulate' http_referer using sessions. When there is no session you get redirected to the index page.

Seems to me you can do something along these lines with some JavaScript.

Well thanks for the reply's

I managed to do something with javascript and for now this works:

<script type="text/javascript">
<!--
if (document.referrer.indexOf("http://www.fj1200.nl")==-1){
location.href="http://www.fj1200.nl/index.php";
}
// -->
</script>

But this is still using the unsafe "referer" method.

Any chance on finding something more failsafe? or should I then post this question in a different section of the forum.

You can not do it with JS since the reffer must'nt be sent by the browser (for privacy reasns) or faked. So if someone has a blank referer he will be relocated to the index page every time.
Not to mention someone may disable JS.

so what about your idea with the sessions then?....could you perhaps provide me with a script I could use?

<?
session_start();
if(!isset($_SESSION['page_name']))
{ // No session.
header("Location: index.php");
}
?>

This is the most baisic way. You are required to use sessions on all your pages. You should be doing it anyway. It's good for gathering traffic info and such.
It just checks if the session variable page_name was set. If not it will redirect to the index page (where iot should be set). It doesn't actually check what was the last page (you don't really need it) it only checks if that value was set on the index page. It will allow the user to visit your pages without redirecting untill the session expires.

Hmmm.. I doubt if I can get this to work...
I've been reading a lot and so far it got me to this:

This is on top of the main index page that I would like people to visit first.
<?php
session_start();
$_SESSION['fj1200'] = 'fj1200';

/** Rest of the script code */

?>

And this should be in the .index file that they can go to by clicking a link on that main index page.

<?php
session_start();
if(!isset($_SESSION['fj1200'])){
header("Location: http://www.fj1200.nl/forum/index.php");
}else{
header("Location: http://www.fj1200.nl/index.php");
}

/** Rest of the script code */

?>

So they have to go to "fj1200.nl/index.php" first and then they can go to "fj1200.nl/index.php/forum/index.php"

What am I doing wrong here ?

I thought you said you want them to browse your site when the have a session and have visited the index page right? So the index should be something like this:

<?php
session_start();
if(!isset($_SESSION['fj1200'])){
session_register('fj1200', 'index');
}
/** Rest of the script code */
?>

and the code on all other pages should only check if the variable $_SESSION['fj1200'] has been set so:

<?php
session_start();
if(!isset($_SESSION['fj1200']))
{
header("Location: http://www.fj1200.nl/forum/index.php");
}
/** Rest of the script code */
?>

That should work.

Now I feel like we're getting somewhere..... :)

I tried your code and ran into a few "small" problems.

1. When I enter if(!isset($_SESSION['fj1200'])){
into the code of the forum script it just doesn't load at all anymore.
Now I noticed that "!isset" and "isset" are beeing used randomly in a lot of scripts I've seen.
Is there a difference between those two because when I put "isset" instead of "!isset" the forum script does load.

2. If I put this code (yours)
<?php
session_start();
if(!isset($_SESSION['fj1200']))
{
header("Location: http://www.fj1200.nl/forum/index.php");
}
/** Rest of the script code */
?>

into the script, where is the script told that when the session ID "fj1200" isn't set that it should go to "http://www.fj1200.nl/index.php"

I mean, should there be an "else" statement there also ?

Like:
IF the session ID is "fj1200"
THEN run current script
ELSE goto www.fj1200.nl/index.php

Could you also tell me if there is a way to set the "time to live" of a session? or is the session simply finished when the browser closes?

Sorry to bother you again.

isset means if the variable is set
!isset means if the variable is NOT set run

Great...this is helpfull...

Could you tell me if there is a way to see if the variable is set ?

when I do
<?php
session_start();
if(!isset($_SESSION['fj1200'])){
session_register('fj1200', 'index');
}
echo $_SESSION;

/** Rest of the script code */
?>


it says "Array"

on top of the loaded page...is that what's in the variable?And shouldn't that read "fj1200" ?

$_SESSION is an array (http://www.php.net/array) (superglobal but don't get distracted by that). That's why were checking for $_SESSION['fj1200'].
If youd like to see what the array holds you can print_r() (http://www.php.net/print_r) it.

As to the '!': The '!' is a negation (http://mathworld.wolfram.com/Negation.html). We wan to check if the variable is not set since it is easyer. We could do it the other way around. It would be like this:

<?php
session_start();
if(isset($_SESSION['fj1200']))
{
/** Rest of the script code */
}
else
{
header("Location: http://www.fj1200.nl/forum/index.php");
}
?>