How to forbid opening a site?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
VBmaster
Forum Newbie
Posts: 2
Joined: Sun Feb 05, 2006 2:02 am

How to forbid opening a site?

Post by VBmaster »

Hello everybody,

I have a site where I am selling some stuff. Now, when I click on the "Buy now" link, it leads to /buy.php page. But, when I just write in my address box in the Browser that URL of buy.php, it also opens it. How do I forbid opening it from other sides?

Thank you,
VBmaster
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

check the referrer? problem is, that header isn't required, therefore unreliable.

What I would suggest is have it verify that there is an item in the submission data. If so, let it in, otherwise throw it to some error page.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

One way to do this kind of verification is to the have pages on your site that have links to buy.php generate a unique key and both save it in session and add it to the URLs to buy.php. Then the buy.php page checks that the value in the session is the same as the parameter passed. This is a pretty common form validation methodology.
(#10850)
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Set some session data when the customer adds items to the cart and check that the session data is there on the buy page... if it's not, redirect to the products page or display some sort of graceful error :)
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

For more PHP security help and tips, be sure to explore the PHPDN's PHP Security forum. :)
Post Reply