Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    May 2004
    Posts
    59
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question View only the main page script?

    I'm not sure if this would be a javascript question, but how can I prevent users from browsing to any page they want to on my website by typing in the URL to it in the address bar? I only want them to be able to access the main page (index.php)

  • #2
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    Only a server-side application is able to do properly this job. Javascript is a client-side language, and it was designed for other purposes.
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • #3
    New Coder
    Join Date
    May 2004
    Posts
    59
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So I could only use php for example? (which I'm already using)

  • #4
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    I guess so. Ask in the php forum for that
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • #5
    Regular Coder
    Join Date
    Sep 2005
    Posts
    535
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It is indeed a php issue...
    A possible solution would be to create a session variable in your index.php (linked to by index.html; use index.html to establish page design and index.php to fill in contents) and then check to see if this variable is set on your other pages. If it's not set, then redirect to index.html.
    For example:
    PHP Code:
    // in index.php
    <?
    session_start
    ();
    $_SESSION['authorization']=1;
    ....

    // in nextPage.php
    <?
    session_start();
    if (!isset(
    $_SESSION['authorization']))
    {
      
    ?>
        <html><head>
          <script type="text/JavaScript">
            setTimeout("top.location = 'index.html';", 0);
          </script>
        </head></html>
      <?
    } elseif ($_SESSION['authorization'] == 1) {
      
    ?>
         <html>
           <head> <!-- your header stuff --> </head>
           <!-- next line prevents user to use 'history' to get to page -->
           <!-- (eg prevents next person using browsers 'back' to gain access) -->
           <body onLoad="if(history.length>0)history.go(1);">
           <!-- the rest of your html page -->
         </html>
       <?
    }
    ?>
    Last edited by Pyth007; 10-14-2005 at 05:49 PM.

  • #6
    New Coder
    Join Date
    May 2004
    Posts
    59
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There's one problem with that, the pages in question are all simply html pages, only the index is a php generated page (very simple one, only includes another php file and a counter). Can I still check to see if the variable is set on the other pages?

  • #7
    Regular Coder
    Join Date
    Sep 2005
    Posts
    535
    Thanks
    0
    Thanked 0 Times in 0 Posts
    $_SESSION['authorization'] is a php variable, so you need to use php pages to access this. There may be a way to do something similar with cookies, but I've never used them... The problem with cookies is that they are stored on the users computer whereas session variables are on the server, so users can hack at the cookies easier than session variables. Also some users won't accept cookies to be stored to improve security at their end.

    Can't you convert the html pages to php pages? Just change the extensions to .php, insert your html code into the code I posted before, and make sure that any other links call the .php versions.

    Several text editors allow you to do a search / replace so it wouldn't be too difficult to make the changes inside the file (TextPad allows regular expression searches as well as plain text). And a batch process could easily change all of the .html files to .php

  • #8
    New Coder
    Join Date
    May 2004
    Posts
    59
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah I'm going to have to change them then, it's really a big problem! Thanks, and I just 2 more questions:

    1- What exactly does the second part of the script do because my pages (that I'm going to convert to php) are already coded in html?

    2- Why would I need an index.html when all my html is already coded in my index.php? And can I just put that first piece of code in my counter.php file that's being included into the index.php? (the counter.php already has a session start()

  • #9
    Regular Coder
    Join Date
    Sep 2005
    Posts
    535
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In reverse order (since I think #1 will require more explanation):
    2) Having an index.html is just a preference thing on my part; you really don't need it. By having an html page set up the structure (eg frames or major div's that you access throughout your site; like a menu, header, and main viewing divs / frames) and then having a different php file fill in the content, you can hide your codes etc. if someone "views source" -- the only source code they'll see will be the index.html structure! It's just an added security measure on your end...

    As for having the first part in your counter.php file, it depends on whether or not you mind if a person can access the counter file without having to go through the index page. If it is purely a counter page and does not contain any sensitive info., then you should be fine to put that first part there.

    1) To answer this, I'll just repeat that code and try to add more comments... let me know if you're still confused afterwards
    PHP Code:
    <? 
    session_start
    (); // Starts a new session or gathers an existing session data

    // The if condition, following the comments, checks to see if the session 
    // variable "named" 'authorization' is absent from the super-global array 
    // $_SESSION that was obtained in the first line (read it as "if NOT exists
    // the $_SESSION['authorization'] variable"). A person trying to get to this
    // page without having first gone through your index page (where
    // $_SESSION['authorization'] was set) will register this condition as true.
    if (!isset($_SESSION['authorization'])) 

    // If trying to get in without going through the index page, do the following:

      
    ?> 
     <!-- Make a mini web-page that redirects the user to the index page -->
        <html><head> 
          <script type="text/JavaScript"> 

    <!-- The line that does the actual redirection. The amount of time before the 
     browser is refreshed to the index page is set to 0 meaning that it happens
     almost immediately (or as fast as the brower can translate the code) -->
            setTimeout("top.location = 'index.html';", 0); 

          </script> 
        </head></html> 
      <? 

    // If user has gotten here via starting at the index page, do the following
    // (note I have set-up an added precaution to ensure that not only does the
    // $_SESSION['authorization'] variable exist, but that it is also equal to
    // the value that the index page should have set it to. Its not really
    // necessary; a simple "} else {" would work just as well) :
    } elseif ($_SESSION['authorization'] == 1) { 
      
    ?> 

    <!-- Enter in your html like normal in this section except for the slight change
     in the <body> tag (see html <!--comments--> below)
     ************************* -->
         <html> 
           <head> <!-- your header stuff --> </head> 
           <!-- next line prevents user to use 'history' to get to page --> 
           <!-- (eg prevents next person using browsers 'back' to gain access) --> 
           <body onLoad="if(history.length>0)history.go(1);"> 
           <!-- the rest of your html page --> 
         </html> 
    <!-- **************************
     The last brace in the php's if-then-else block; php will complain of the 
     script ending too soon if this is forgotten -->
       <? 

    ?>
    Thus your currently existing html code will go in between the
    ***********
    ***********'s
    and the outside stuff will get added to check how the user entered the page.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •