Accessing Page ONLY after visiting Previous Page ?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

hbnmgr
Forum Newbie
Posts: 13
Joined: Mon Mar 07, 2005 8:22 pm

Post by hbnmgr »

Have PHP v4.3 installed on Server.

Need to make sure browser visiting a certain page,
came from another page or at least from the same
domain / server.

To prevent browser from accessing that certain page
without first visiting the previous page and from same
domain / server. Previous page is coming off of PayPal
and is a ThankYou page.

Any suggestions as to what best to use???
SESSION ; REFERER ; SERVER ; etc. ???
Can't find code in two books I have.

Thanks!
SRR
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

http_referer is the closest, but it isn't entirely reliable.
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

If you are trying to secure a multiple stage form submission for example, then $_SESSION will help.

If you are just limiting access based on referral, then $_SERVER['HTTP_REFERER'] is a viable, but by no means a foolproof, method.

To use the method I described with session:
page1.php:

<?php
session_start();

$_SESSION['page1visited'] = TRUE;

?>
page2.php:

<?php
session_start();

// Both tests must use the key that page1.php sets: 'page1visited'.
if ((isset($_SESSION['page1visited'])) && ($_SESSION['page1visited'] == TRUE)) {
    //display page..
} else {
    die('You must visit page1.php before gaining access to page2.php!');
}

?>
HTH :)
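
Added example, not part of Jenk's post or of the original thread: a hardened variant of the session-flag check above, in which the flag is timestamped, expires, and is consumed on first use. It assumes PHP 7.3 or later rather than the thread's PHP 4.3; the file name flow_gate.php, the gate_* function names and the 15-minute window are hypothetical.

```php
<?php
// flow_gate.php: added example (hypothetical file, function names and time window).
declare(strict_types=1);

const GATE_MAX_AGE = 900; // seconds a page1.php visit stays valid (assumed value)

function gate_start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'use_strict_mode' => true,  // refuse session IDs the server did not issue
            'cookie_httponly' => true,  // keep the session cookie away from page scripts
            'cookie_samesite' => 'Lax', // needs PHP 7.3+
        ]);
    }
}

// Call at the top of page1.php.
function gate_mark_visited(string $step): void
{
    gate_start_session();
    session_regenerate_id(true);       // fresh session ID at the state change
    $_SESSION['gate'][$step] = time(); // record when, not just TRUE
}

// Call at the top of page2.php. True at most once per page1.php visit.
function gate_consume(string $step, int $maxAge = GATE_MAX_AGE): bool
{
    gate_start_session();
    $stamp = $_SESSION['gate'][$step] ?? null;
    unset($_SESSION['gate'][$step]);   // single use: reloads and bookmarks fail
    return is_int($stamp) && (time() - $stamp) <= $maxAge;
}

// page1.php:
//   require 'flow_gate.php';
//   gate_mark_visited('page1');
//
// page2.php:
//   require 'flow_gate.php';
//   if (!gate_consume('page1')) {
//       http_response_code(403);
//       exit('You must visit page1.php before gaining access to page2.php!');
//   }
```

The check shows only that the same browser session loaded page1.php within the window; it says nothing about how the visitor reached page1.php.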