View Full Version : Securing a page

10-10-2009, 08:20 PM
Ok how can I secure my registration page so that only people who have paid get access to it?

for example :

http://www.xxxxxxxx.com/register.php is where you can register - but that is where the paypal success redirects to - so after they pay they register...but is there a way I can block people from that page so its only accessible if they paid?

It needs to be automated and secure.


10-10-2009, 08:34 PM
Well what I would do if I were you is have them register to pay. That way you can track their account and then when they pay you can flip a variable in your database signifying they can pay and then give them access to "members" areas.

Using that method it also gives you the ability to perhaps send periodic automatic e-mails to users whom have registered but not paid saying something to the tune of "Hey, thanks for registering! Don't forget we've got all these wonderful things if you pay! You can pay <here>."

Just some unsolicited advice there.

If you would rather try to have them register after payment the only way I can think of off hand is if you somehow were able to confirm they were coming from a specific website (in this case PayPal). I know PayPal allows you to specify a completion page that they are sent to after the user pays money - you could always make that page your registration page with a security variable (ie: http://mywebsite.com/register.php?security=XYZ123) then run a check: if( $_REQUEST['security'] != "XYZ123" ){ die( "Access Denied" ); }.

The downside to the method I listed above is that anyone who has the security variable could then register on your website without trouble.

I hope this provides you some insight into the situation. Someone else may well have a more secure alternative than the one I presented.

10-10-2009, 11:23 PM
Thats exactly what I needed. How do I implement that?

I have it so that when they complete their payment - Paypal directs them to complete.php

Do I just put in the link on my paypal - instead of www.xxxxxx.com/complete.php

make it


and then add the request['security'] bit into the php code of complete.php?

10-11-2009, 11:25 AM
Yeah Angelous you could do that, i would however i'd take a look in IPN(Instant Payment Notification) from paypal, in this way you can let complete.php automatically store all payment info in the mysql database, it can also send out an email.

10-17-2009, 05:41 AM
I tried that - I don't have sufficient programming skills to implement it. However the prevous irdea is good - just I can't seem to get it to work :S