Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Feb 2008
    Posts
    119
    Thanks
    23
    Thanked 2 Times in 2 Posts

    .htaccess help needed

    I read an article from someone here about restricting access to a page from certain url.
    How can I grant access to a page to only a certain url?

    To clarify, I have a page on my server that I want to block access to all people unless they are redirected there from a certain page.
    Can .htaccess do this and what would the code look like?
    Thanks for any help.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,468
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    I think people can spoof a URL referrer:
    http://www.google.com/search?q=php+u...hl=en&safe=off

    That means they could get past the .htaccess?

    And what if some people disable passing of the HTTP_REFERER variable in their browsers?

    Maybe using PHP sessions would be better?
    If they login using PHP sessions, you could restrict pages based on a login.

    Just some thoughts ... wait and see what others might say.
    I'm not an .htacess expert myself.

  • #3
    Regular Coder
    Join Date
    Feb 2008
    Posts
    119
    Thanks
    23
    Thanked 2 Times in 2 Posts
    The page doesnot require logins.
    I only want access after redirecting from paypal.
    I have a service that is linked to paypal (step one), then after paying is redirected to the next page (step two) to complete the transaction. I don't want anyone to be able to bypass step one. but no login is required.

    I don't know if this makes it harder or easier to do with php.
    I wouldn't think it would make any difference with .htaccess whether they're logged in or not.
    Anyway, thanks and lets wait and see what others think.

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,468
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    With PayPal, you use an IPN number to return back.

    Have you been to the PayPal developer's site?
    You can create a "sandbox" to play with, and use
    fake buyer and seller to test your script(s). They
    actually have a "fake" credit card too for an actual
    realistic test without doing a real transaction.

  • #5
    Regular Coder
    Join Date
    Feb 2008
    Posts
    119
    Thanks
    23
    Thanked 2 Times in 2 Posts
    I already have the paypal code tested and in place.
    What worries me is someone who pays and goes to step two, then bookmarks the url of step two and can return there anytime to use the service without going to step one first.
    Unless, since they're not logged in, 'define in phpBB true' would stop this. Let me test this without my cookie.

    Well that was silly, if it would have stopped it then, it would have stopped it from redirecting thetre from paypal. Too early to be thinking, I guess. lol.
    Last edited by Jedi Knight; 02-15-2008 at 01:56 PM.

  • #6
    Regular Coder
    Join Date
    Feb 2008
    Posts
    119
    Thanks
    23
    Thanked 2 Times in 2 Posts
    Well I've managed to put some JS together to do this, which will work if I'm dealling with someone not smart enough to disable it. But I'll use it till something better comes along.

    Here's the script if anyone cares:
    Code:
    <SCRIPT LANGUAGE="JavaScript">
    <!-- Begin
    var arrURL = new Array();
    
    arrURL[0] = "http://my.com/page1.html";
    arrURL[1] = "http://my.com/page2.html";
    
    var boolValidReferrer = false;
    
    for (var i = 0; i < arrURL.length; i++) {
    if (arrURL[i].toLowerCase() == document.referrer.toLowerCase()) {
    boolValidReferrer = true;
    break;
    }
    
    }
    
    if (!boolValidReferrer) { // if they didn't find a match then do some action...
    alert("You must pay first to use this service");
    window.location.href="http://my.com/redirected-to.html";
    }
    //  End -->
    </script>

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,468
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    Don't look into PHP cookies ... look into PHP sessions.
    Search Google for PHP sessions.

  • Users who have thanked mlseim for this post:

    Jedi Knight (02-18-2008)

  • #8
    Regular Coder
    Join Date
    Feb 2008
    Posts
    119
    Thanks
    23
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by mlseim View Post
    Don't look into PHP cookies ... look into PHP sessions.
    Search Google for PHP sessions.
    After searching Google and reading through dozens of pages, I am certain that this will be way over my head. I have almost no php knowledge.
    You have been more than helpful, thank you.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •