So here's the story, I am working on a relatively basic script to block users from directly accessing a url unless they sign in from another page. The script works fine in mozilla, but not in IE. When run in IE, it gives alert box even when right passowrd is enetred....
Works like a dream in Mozilla, but not in IE.

I just want some help in what I could be missing in the script to get it to work in IE. (syntax?) Everything works fine except for this aspect.

thanks for your help
J

**************************
<html>

<head>

<title>blblalala</title>
</head>

<?php
$cp = $_SERVER['HTTP_REFERER'];
if ($cp !="http://www.blablabla.html") {
echo "
<script>alert('Access Denied');window.history.back(1);</script>";exit();
}
?>

<body<


XXXXXXXXXXXXXXXX


</body>
</html>

If you are going to do this with PHP you would be better off using a session variable that you set on the sign in page and check for on the restricted page. HTTP_REFERER information is not reliable as it is provided by the web browser and not all browsers provide it, provide it correctly or allow the user to change their referrer information which of course means they could easily bypass your login page.

If you are going to do this with PHP you would be better off using a session variable that you set on the sign in page and check for on the restricted page. HTTP_REFERER information is not reliable as it is provided by the web browser and not all browsers provide it, provide it correctly or allow the user to change their referrer information which of course means they could easily bypass your login page.

Hi Spookster,

I agree it is not the most secure, but it's a long story. Basically, want I want to do is make this site accesbile via windows ce for mobile devices. The php session was not working for me in a code that I had used, as windows ce was not allowing cookies. I need a very basic login, no cookies or sql page. what I had worked out was the following, and it works perfect in firefox, heck it even works well in windows ce (without deny access). my issue was people who accessed the "mobile" site for windows ce in a normal desktop browser and could see the "secure area". To be honest the secure area does not need to be that secure, but secure enough that the average user cannot get in without a password...I hope this make sense. Do you have any thought on how to make the above script work with IE or do you know where I could get a very basic php scipt that will allow log inwithout cookies and still work?

thanks for all your help-sorry for the long post.

Does each person require a seperate login or is everyone just going to use the same login? If the latter then can you use .htacess for this? If you can't use sessions and http_referrer is not reliable then you are running out of options. I've never used Windows CE so I don't know what it supports and what it doesn't.

Does each person require a seperate login or is everyone just going to use the same login? If the latter then can you use .htacess for this? If you can't use sessions and http_referrer is not reliable then you are running out of options. I've never used Windows CE so I don't know what it supports and what it doesn't.

just a general log on....you're right, i think .htacess might be the way to go...the easy way is the one you always forget :p

thanks :)