...

View Full Version : View only the main page script?



Brad_Armitage
10-14-2005, 04:21 PM
I'm not sure if this would be a javascript question, but how can I prevent users from browsing to any page they want to on my website by typing in the URL to it in the address bar? I only want them to be able to access the main page (index.php) :D

Kor
10-14-2005, 04:28 PM
Only a server-side application is able to do properly this job. Javascript is a client-side language, and it was designed for other purposes.

Brad_Armitage
10-14-2005, 04:32 PM
So I could only use php for example? (which I'm already using)

Kor
10-14-2005, 04:33 PM
I guess so. Ask in the php forum for that

Pyth007
10-14-2005, 04:54 PM
It is indeed a php issue...
A possible solution would be to create a session variable in your index.php (linked to by index.html; use index.html to establish page design and index.php to fill in contents) and then check to see if this variable is set on your other pages. If it's not set, then redirect to index.html.
For example:


// in index.php
<?
session_start();
$_SESSION['authorization']=1;
....

// in nextPage.php
<?
session_start();
if (!isset($_SESSION['authorization']))
{
?>
<html><head>
<script type="text/JavaScript">
setTimeout("top.location = 'index.html';", 0);
</script>
</head></html>
<?
} elseif ($_SESSION['authorization'] == 1) {
?>
<html>
<head> <!-- your header stuff --> </head>
<!-- next line prevents user to use 'history' to get to page -->
<!-- (eg prevents next person using browsers 'back' to gain access) -->
<body onLoad="if(history.length>0)history.go(1);">
<!-- the rest of your html page -->
</html>
<?
}
?>

Brad_Armitage
10-14-2005, 05:10 PM
There's one problem with that, the pages in question are all simply html pages, only the index is a php generated page (very simple one, only includes another php file and a counter). Can I still check to see if the variable is set on the other pages?

Pyth007
10-14-2005, 07:03 PM
$_SESSION['authorization'] is a php variable, so you need to use php pages to access this. There may be a way to do something similar with cookies, but I've never used them... The problem with cookies is that they are stored on the users computer whereas session variables are on the server, so users can hack at the cookies easier than session variables. Also some users won't accept cookies to be stored to improve security at their end.

Can't you convert the html pages to php pages? Just change the extensions to .php, insert your html code into the code I posted before, and make sure that any other links call the .php versions.

Several text editors allow you to do a search / replace so it wouldn't be too difficult to make the changes inside the file (TextPad allows regular expression searches as well as plain text). And a batch process could easily change all of the .html files to .php

Brad_Armitage
10-14-2005, 07:51 PM
Yeah I'm going to have to change them then, it's really a big problem! Thanks, and I just 2 more questions:

1- What exactly does the second part of the script do because my pages (that I'm going to convert to php) are already coded in html?

2- Why would I need an index.html when all my html is already coded in my index.php? And can I just put that first piece of code in my counter.php file that's being included into the index.php? (the counter.php already has a session start();)

Pyth007
10-14-2005, 11:28 PM
In reverse order (since I think #1 will require more explanation):
2) Having an index.html is just a preference thing on my part; you really don't need it. By having an html page set up the structure (eg frames or major div's that you access throughout your site; like a menu, header, and main viewing divs / frames) and then having a different php file fill in the content, you can hide your codes etc. if someone "views source" -- the only source code they'll see will be the index.html structure! It's just an added security measure on your end...

As for having the first part in your counter.php file, it depends on whether or not you mind if a person can access the counter file without having to go through the index page. If it is purely a counter page and does not contain any sensitive info., then you should be fine to put that first part there.

1) To answer this, I'll just repeat that code and try to add more comments... let me know if you're still confused afterwards


<?
session_start(); // Starts a new session or gathers an existing session data

// The if condition, following the comments, checks to see if the session
// variable "named" 'authorization' is absent from the super-global array
// $_SESSION that was obtained in the first line (read it as "if NOT exists
// the $_SESSION['authorization'] variable"). A person trying to get to this
// page without having first gone through your index page (where
// $_SESSION['authorization'] was set) will register this condition as true.
if (!isset($_SESSION['authorization']))

// If trying to get in without going through the index page, do the following:
{
?>
<!-- Make a mini web-page that redirects the user to the index page -->
<html><head>
<script type="text/JavaScript">

<!-- The line that does the actual redirection. The amount of time before the
browser is refreshed to the index page is set to 0 meaning that it happens
almost immediately (or as fast as the brower can translate the code) -->
setTimeout("top.location = 'index.html';", 0);

</script>
</head></html>
<?

// If user has gotten here via starting at the index page, do the following
// (note I have set-up an added precaution to ensure that not only does the
// $_SESSION['authorization'] variable exist, but that it is also equal to
// the value that the index page should have set it to. Its not really
// necessary; a simple "} else {" would work just as well) :
} elseif ($_SESSION['authorization'] == 1) {
?>

<!-- Enter in your html like normal in this section except for the slight change
in the <body> tag (see html <!--comments--> below)
************************* -->
<html>
<head> <!-- your header stuff --> </head>
<!-- next line prevents user to use 'history' to get to page -->
<!-- (eg prevents next person using browsers 'back' to gain access) -->
<body onLoad="if(history.length>0)history.go(1);">
<!-- the rest of your html page -->
</html>
<!-- **************************
The last brace in the php's if-then-else block; php will complain of the
script ending too soon if this is forgotten -->
<?
}
?>

Thus your currently existing html code will go in between the
***********
***********'s
and the outside stuff will get added to check how the user entered the page.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum