Detecting where the user originates from

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
letitbeme
Forum Newbie
Posts: 5
Joined: Sat Apr 28, 2007 5:54 am

Detecting where the user originates from

Post by letitbeme »

Hello fellow members.

I was trying to code a few pages and I need to secure them a bit. But I am stuck a little bit. I am not sure if it is possible to know where the user originates from.

For example, say I have a page called "Secure.php".

Now, I have another page called "Redirect.php" which contains a link (or redirect) which would take you to "secure.php"

Now, I want to check if the visitor on the secure.php page has come to it from the link (or redirect) on "secure.php" or from somewhere else. If he is coming from redirect.php, he is shown content, say "ABCDEFG" and if not, he is shown content "PQRSTU".

Is it possible to do this? What type of scripting would this take?

Please help me out. I've tried too hard trying to do this but don't seem to get a hold of it.

Regards.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Set a session variable on redirect.php, then check for that session variable in secure.php. This is the usual way to handle things like this :)
letitbeme
Forum Newbie
Posts: 5
Joined: Sat Apr 28, 2007 5:54 am

Post by letitbeme »

Thanks d11.

I know a bit about sessions. Doesn't it require cookies to be turned on? Some users are "wary" of cookies and I don't want them to feel left out when they come to my page.

I think this is doable through .HTACCESS files. Any idea about that or some site you could point me to? :)

I'd be grateful to you :)

Regards.
rebus
Forum Newbie
Posts: 11
Joined: Tue Nov 07, 2006 6:13 pm
Location: Croatia, Zadar

Post by rebus »

You can check from where the user has come to your page by checking $_SERVER['HTTP_REFERER'], but this is not very reliable solution. Nor recommended one.

http://uk.php.net/reserved.variables

I would suggest using sessions rather then just checking for reffering page. And you don't need cookies to get sessions working.

http://uk.php.net/manual/en/ref.session.php
letitbeme
Forum Newbie
Posts: 5
Joined: Sat Apr 28, 2007 5:54 am

Post by letitbeme »

Thanks Rebus.

From the page you linked about Sessions, it says that it can be stored in a cookie on the user side or is propagated in the URL.

This means that for my page to work with sessions, the user must have cookies turned on, right?

If the send the session ID in the URL, the URL can then be copied to create the same session id again and again, right? Or am I taking this wrongly?

It would be very good if I could have some code here. Can you help me code it a bit? I haven't used sessions before :(

Regards.

EDIT: This is what I came up with:

In my redirect.php file, I put the following code:

Code: Select all

<?php

session_start();

session_register( "originate" );

 

$originate="teststring";

echo "Done!";

?>
Then, in the secure.php file, I put this:

Code: Select all

<?php

session_start();

?>

<html>

<body>

<?php

if($originate="teststring")
{
echo "Success!"
}
else
{
echo "Failure"
}

?>

</body>

</html>
The problem is that the if...else statement is not working. I am sure this has to do something related to global variables. Could you guide me here? Actually, two questions>> 1. How do I get the if..else to work (using global variables) 2. What if the person accesses the secure.php file directly (in which case there will be no variable at all, so the if..else would create problems again).
rebus wrote:You can check from where the user has come to your page by checking $_SERVER['HTTP_REFERER'], but this is not very reliable solution. Nor recommended one.

http://uk.php.net/reserved.variables

I would suggest using sessions rather then just checking for reffering page. And you don't need cookies to get sessions working.

http://uk.php.net/manual/en/ref.session.php
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Redirect.php

Code: Select all

session_start();
$_SESSION['originate'] = 'teststring';
Secure.php

Code: Select all

session_start();

if(isset($_SESSION['originate']) && $_SESSION['originate'] == 'teststring')
{
echo "Success!"
}
else
{
echo "Failure"
}
A couple things you had wrong, session_register() is deprecated, use sessions by calling the super global $_SESSION. Another, in your secure.php make sure you understand the difference between the assignment operator "=" and the comparison operator "=="
letitbeme
Forum Newbie
Posts: 5
Joined: Sat Apr 28, 2007 5:54 am

Post by letitbeme »

Thanks Jcart.

Yes, I overlooked the "=" to sign. It should have been "==" since I am comparing two values.

I've tried running it with the code you gave but I did not get any output :(

Shouldn't teststring be within " & " instead of ' & ' ?

What I am doing is this:
I access redirect.php from the browser by directly pasting its its location in the address bar. Then I access secure.php from the browser by pasting its location in the address bar.

Could this be the reason there is no output? I think it should at least tell me "Failure" but it is just giving me a blank page :(

Regards.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Ah sorry, I was in a rush and forgot to add the semi-colons after each echo.

i.e. echo 'Success';
letitbeme
Forum Newbie
Posts: 5
Joined: Sat Apr 28, 2007 5:54 am

Post by letitbeme »

Lol, and how silly can I be to not notice the semicolons! [:P]

Thanks for your help buddy :)

By the way, if you do custom php work, I have something I need to get done. PM me if interested and i'll PM you the details :)

Regards.
Post Reply