Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Jul 2008
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts

    IF doing things backwards

    I have a simple script I want to be accessible only through it's referring page and not directly via URL i.e. typed into the address bar.

    So what I've come up with is an intermediary jump page that starts a session, adds a second variable and then redirects to script.php

    The idea is that you can't access script.php without going through the inital 2 pages first i.e. page.php -> jump.php -> script.php

    Here is the code:

    page.php
    PHP Code:
    <a href="http://www.mysite.com/jump.php?xyz=ABC">Script</a
    jump.php
    PHP Code:
    <?php
    session_start
    ();
    $_SESSION['var1'] = $_GET['xyz'];
    $foobar "123";  
    $_SESSION['var2'] = $foobar;
    header'Location: http://www.mysite.com/script.php' ) ;
    ?>
    script.php
    PHP Code:
    <?php
    $pass 
    $_SESSION['var1'].$_SESSION['var2'];
    $pass true;
    if ( !
    $pass )
    {
    echo 
    "<b>403 Forbidden</b>";

    }
    else
    {


     
    // execute script


    }
    session_unset();
    session_destroy();
    ?>
    I think it's clear what I want here, the 2 variables have to be matched and validated before the script can be executed, so accessing either jump.php or script.php directly will result in a 403.

    The problem is that in practice it's all backward and script.php is still accessible directly or thru jump.php. Namely,
    PHP Code:
    if ( !$pass 
    oddly results in a and execution of the script while
    PHP Code:
    if ( $pass 
    results in "403 Forbidden," when it should clearly be the other way round. And as mentioned, script.php is accessible directly.

    However
    PHP Code:
    echo $pass
    outputs the correct "ABC123" when script.php is accessed via page.php, in this case accessing script.php directly results in a desired blank screen.

    Any ideas on why this works with ECHO but not with IF?

    Thanks.

  • #2
    Regular Coder
    Join Date
    Oct 2004
    Posts
    168
    Thanks
    0
    Thanked 5 Times in 5 Posts
    You need to start the session, also I have changed your test to what I think you wanted.
    Change script.php as follows :

    PHP Code:
    session_start();
    $pass  = isset($_SESSION['var1']) ? $_SESSION['var1'] : '';
    $pass .= isset($_SESSION['var2']) ? $_SESSION['var2'] : '';

    if ( 
    $pass != 'ABC123')
    {
    echo 
    "<b>403 Forbidden</b>";

    }
    else
    {


     
    // execute script


    }
    session_unset();
    session_destroy(); 

  • Users who have thanked Puffin the Erb for this post:

    Herz0g (01-16-2010)

  • #3
    Regular Coder
    Join Date
    Dec 2009
    Location
    UK
    Posts
    495
    Thanks
    0
    Thanked 58 Times in 58 Posts
    If you're using sessions you shouldn't require the referrer url stuff. I find it quite long winded for just getting a page to run
    My site: JayGilford.com
    Resources:
    PHP Pagination Class | Getting all page links | Handling PHP Errors properly
    If you like a users help, show your appreciation with the rep and thanks buttons :)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •