Detecting where the user originates from
Moderator: General Moderators
Detecting where the user originates from
Hello fellow members.
I was trying to code a few pages and I need to secure them a bit. But I am stuck a little bit. I am not sure if it is possible to know where the user originates from.
For example, say I have a page called "Secure.php".
Now, I have another page called "Redirect.php" which contains a link (or redirect) which would take you to "secure.php"
Now, I want to check if the visitor on the secure.php page has come to it from the link (or redirect) on "secure.php" or from somewhere else. If he is coming from redirect.php, he is shown content, say "ABCDEFG" and if not, he is shown content "PQRSTU".
Is it possible to do this? What type of scripting would this take?
Please help me out. I've tried too hard trying to do this but don't seem to get a hold of it.
Regards.
I was trying to code a few pages and I need to secure them a bit. But I am stuck a little bit. I am not sure if it is possible to know where the user originates from.
For example, say I have a page called "Secure.php".
Now, I have another page called "Redirect.php" which contains a link (or redirect) which would take you to "secure.php"
Now, I want to check if the visitor on the secure.php page has come to it from the link (or redirect) on "secure.php" or from somewhere else. If he is coming from redirect.php, he is shown content, say "ABCDEFG" and if not, he is shown content "PQRSTU".
Is it possible to do this? What type of scripting would this take?
Please help me out. I've tried too hard trying to do this but don't seem to get a hold of it.
Regards.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Thanks d11.
I know a bit about sessions. Doesn't it require cookies to be turned on? Some users are "wary" of cookies and I don't want them to feel left out when they come to my page.
I think this is doable through .HTACCESS files. Any idea about that or some site you could point me to?
I'd be grateful to you
Regards.
I know a bit about sessions. Doesn't it require cookies to be turned on? Some users are "wary" of cookies and I don't want them to feel left out when they come to my page.
I think this is doable through .HTACCESS files. Any idea about that or some site you could point me to?
I'd be grateful to you
Regards.
You can check from where the user has come to your page by checking $_SERVER['HTTP_REFERER'], but this is not very reliable solution. Nor recommended one.
http://uk.php.net/reserved.variables
I would suggest using sessions rather then just checking for reffering page. And you don't need cookies to get sessions working.
http://uk.php.net/manual/en/ref.session.php
http://uk.php.net/reserved.variables
I would suggest using sessions rather then just checking for reffering page. And you don't need cookies to get sessions working.
http://uk.php.net/manual/en/ref.session.php
Thanks Rebus.
From the page you linked about Sessions, it says that it can be stored in a cookie on the user side or is propagated in the URL.
This means that for my page to work with sessions, the user must have cookies turned on, right?
If the send the session ID in the URL, the URL can then be copied to create the same session id again and again, right? Or am I taking this wrongly?
It would be very good if I could have some code here. Can you help me code it a bit? I haven't used sessions before
Regards.
EDIT: This is what I came up with:
In my redirect.php file, I put the following code:
Then, in the secure.php file, I put this:
The problem is that the if...else statement is not working. I am sure this has to do something related to global variables. Could you guide me here? Actually, two questions>> 1. How do I get the if..else to work (using global variables) 2. What if the person accesses the secure.php file directly (in which case there will be no variable at all, so the if..else would create problems again).
From the page you linked about Sessions, it says that it can be stored in a cookie on the user side or is propagated in the URL.
This means that for my page to work with sessions, the user must have cookies turned on, right?
If the send the session ID in the URL, the URL can then be copied to create the same session id again and again, right? Or am I taking this wrongly?
It would be very good if I could have some code here. Can you help me code it a bit? I haven't used sessions before
Regards.
EDIT: This is what I came up with:
In my redirect.php file, I put the following code:
Code: Select all
<?php
session_start();
session_register( "originate" );
$originate="teststring";
echo "Done!";
?>Code: Select all
<?php
session_start();
?>
<html>
<body>
<?php
if($originate="teststring")
{
echo "Success!"
}
else
{
echo "Failure"
}
?>
</body>
</html>rebus wrote:You can check from where the user has come to your page by checking $_SERVER['HTTP_REFERER'], but this is not very reliable solution. Nor recommended one.
http://uk.php.net/reserved.variables
I would suggest using sessions rather then just checking for reffering page. And you don't need cookies to get sessions working.
http://uk.php.net/manual/en/ref.session.php
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Redirect.php
Secure.php
A couple things you had wrong, session_register() is deprecated, use sessions by calling the super global $_SESSION. Another, in your secure.php make sure you understand the difference between the assignment operator "=" and the comparison operator "=="
Code: Select all
session_start();
$_SESSION['originate'] = 'teststring';Code: Select all
session_start();
if(isset($_SESSION['originate']) && $_SESSION['originate'] == 'teststring')
{
echo "Success!"
}
else
{
echo "Failure"
}Thanks Jcart.
Yes, I overlooked the "=" to sign. It should have been "==" since I am comparing two values.
I've tried running it with the code you gave but I did not get any output
Shouldn't teststring be within " & " instead of ' & ' ?
What I am doing is this:
I access redirect.php from the browser by directly pasting its its location in the address bar. Then I access secure.php from the browser by pasting its location in the address bar.
Could this be the reason there is no output? I think it should at least tell me "Failure" but it is just giving me a blank page
Regards.
Yes, I overlooked the "=" to sign. It should have been "==" since I am comparing two values.
I've tried running it with the code you gave but I did not get any output
Shouldn't teststring be within " & " instead of ' & ' ?
What I am doing is this:
I access redirect.php from the browser by directly pasting its its location in the address bar. Then I access secure.php from the browser by pasting its location in the address bar.
Could this be the reason there is no output? I think it should at least tell me "Failure" but it is just giving me a blank page
Regards.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact: