kevinak Posted September 3, 2008

Well, this place has some amazing and helpful people, so I decided to stop back with this question. I have a script that is set up to get information from my database based off the URL. The file would look like this, for example: www.example.com/example.php/3

Now people are merely changing this number to access another page. I need to prevent this since when they go to this page, they are rewarded. I set up a confirmation page before it, but I have no clue how to check if they went through the confirmation page or simply changed the URL. Suggestions? Thanks for reading.

ThunderAI Posted September 3, 2008

Although this won't really help you, my personal belief is NEVER pass anything in the URL... never. When I can, I pass things to sessions or, if I have to, POSTs.

Fadion Posted September 3, 2008

> Although this won't really help you, my personal belief is NEVER pass anything in the URL... never. When I can, I pass things to sessions or, if I have to, POSTs.

That makes no sense. Never pass a URL variable? Great, PHP (and all the other web scripting languages) should abandon GET support then...

As for the problem: your URL should be example.com?smth=3, or maybe you've mod_rewrite'd your URLs. You can solve all this with a session. When someone enters the confirmation page, create a session for them. When they go to the reward page, check if the session is set and destroy it (so they don't re-enter again without going to the confirmation page first). It should be easy, but if you need sample code, just ask.

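The session check Fadion describes, sketched in PHP as an added example (not code posted by anyone in the thread). It goes one step further than the post by tying the session entry to the confirmed number, so changing the number after confirming also fails; the `step` and `id` query parameters and the `reward_pass` session key are assumptions.

```php
<?php
// Added example, not code from the thread. The parameter names (step, id)
// and the session key 'reward_pass' are assumptions made for illustration.
session_start();

// Confirmation step: record which reward id this visitor confirmed.
function grant_reward_pass(int $id): void
{
    // A fresh session id limits reuse of a session fixed before this point.
    session_regenerate_id(true);
    $_SESSION['reward_pass'] = ['id' => $id, 'issued' => time()];
}

// Reward step: succeed only once, only for the confirmed id, only if recent.
function consume_reward_pass(int $id, int $maxAge = 300): bool
{
    $pass = $_SESSION['reward_pass'] ?? null;
    unset($_SESSION['reward_pass']);          // one-time use, even on failure
    return is_array($pass)
        && $pass['id'] === $id
        && (time() - $pass['issued']) <= $maxAge;
}

// Validate the id as a positive integer instead of trusting the raw URL.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
$step = $_GET['step'] ?? '';

if ($id === null || $id === false) {
    http_response_code(400);
    exit('Bad id');
}

if ($step === 'confirm') {
    grant_reward_pass($id);
    $url = htmlspecialchars("?step=reward&id=$id", ENT_QUOTES);
    echo "<a href=\"$url\">Continue to reward $id</a>";
} elseif ($step === 'reward') {
    if (!consume_reward_pass($id)) {
        http_response_code(403);
        exit('Please go through the confirmation page first.');
    }
    // Look up and grant reward $id here (database code omitted).
    echo "Reward $id granted.";
} else {
    http_response_code(404);
}
```

Because the pass is removed on every attempt, a reload of the reward URL or an edited number sends the visitor back through confirmation instead of granting a second reward.
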
kevinak Posted September 3, 2008 (Author)

I think I'm understanding... but sample code would be amazing if you had a little free time. Thank you for the responses.

Also, what exactly does the ? in the URL do? I simply designed a function that gets the URL, then explodes it into an array and uses the array[4] to get the number that is placed in the URL. Or is that like a super novice, easy to hack kind of thing?

revraz Posted September 3, 2008

? is used in conjunction with $_GET, so a URL can be parsed and the variable after ? can be extracted. ?id=1 would allow $_GET['id'] to be populated with the value 1.

As for sessions, there are a ton of examples floating around.

kevinak Posted September 3, 2008 (Author)

Ah, I see. Great example, thank you. So should I rework everything to add the get function? Or is it really that bad to stick with a function that simply gets the number after the /? Because I've been running this on a LOT of different scripts and I have yet to find a single error.

This topic is now archived and is closed to further replies.