Page 1 of 1

How to forbid opening a site?

Posted: Sun Feb 05, 2006 2:08 am
by VBmaster
Hello everybody,

I have a site where I am selling some stuff. Now, when I click on the "Buy now" link, it leads to /buy.php page. But, when I just write in my address box in the Browser that URL of buy.php, it also opens it. How do I forbid opening it from other sides?

Thank you,
VBmaster

Posted: Sun Feb 05, 2006 2:16 am
by feyd
check the referrer? problem is, that header isn't required, therefore unreliable.

What I would suggest is have it verify that there is an item in the submission data. If so, let it in, otherwise throw it to some error page.

Posted: Sun Feb 05, 2006 2:57 pm
by Christopher
One way to do this kind of verification is to the have pages on your site that have links to buy.php generate a unique key and both save it in session and add it to the URLs to buy.php. Then the buy.php page checks that the value in the session is the same as the parameter passed. This is a pretty common form validation methodology.

Posted: Sun Feb 05, 2006 3:00 pm
by Chris Corbyn
Set some session data when the customer adds items to the cart and check that the session data is there on the buy page... if it's not, redirect to the products page or display some sort of graceful error :)

Posted: Sun Feb 05, 2006 3:19 pm
by m3mn0n
For more PHP security help and tips, be sure to explore the PHPDN's PHP Security forum. :)