Need to prevent people from changing the URL


kevinak

Well, this place has some amazing and helpful people, so I decided to stop back with this question.

 

I have a script that is set up to get information from my database based off the URL.

 

The file would look like this, for example: www.example.com/example.php/3

 

Now people are merely changing this number to access another page.

 

I need to prevent this since when they go to this page, they are rewarded. I set up a confirmation page before it, but I have no clue how to check if they went through the confirmation page or simply changed the URL. Suggestions?

 

Thanks for reading.


Although this won't really help you, my personal belief is NEVER pass anything in the URL... never. When I can, I pass things to sessions or, if I have to, POSTS.

 

That makes no sense. Never pass a URL variable? Great, PHP (and all the other web scripting languages) should abandon GET support then...

 

As for the problem: your URL should be example.com?smth=3, or maybe you've mod_rewritten your URLs. You can solve all this with a session. When someone enters the confirmation page, create a session for them. When they go to the reward page, check if the session is set and destroy it (so they don't re-enter again without going to the confirmation page first). It should be easy, but if you need sample code, just ask.

 

 

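The session check suggested in the reply above, written out as an added example that is not part of the original thread. The function names and the sample paths are assumptions made for illustration, and binding the session entry to the confirmed ID goes one step beyond "check if the session is set" so that a confirmation for page 3 cannot be spent on page 4.

```php
<?php
// Added example: hypothetical helper names, constructed sample paths.

// Confirmation page: remember which reward ID this visitor confirmed.
function grant_reward_ticket(array &$session, int $rewardId): void
{
    $session['confirmed_reward'] = $rewardId;
}

// Reward page: succeeds once, and only for the ID that was confirmed.
function redeem_reward_ticket(array &$session, ?int $rewardId): bool
{
    $confirmed = $session['confirmed_reward'] ?? null;
    unset($session['confirmed_reward']);   // single use, even when the check fails
    return $rewardId !== null && $confirmed === $rewardId;
}

// Read the trailing number from a path such as /example.php/3.
// Returns null when the last segment is not a plain positive integer,
// instead of trusting whatever sits at a fixed array index.
function reward_id_from_path(string $path): ?int
{
    return preg_match('#/([1-9]\d{0,8})$#', $path, $m) ? (int) $m[1] : null;
}

// --- Constructed walk-through. On real pages call session_start() first
// --- and pass $_SESSION in place of $session.
$session = [];

// Visitor confirms reward 3, then edits the URL to 4.
grant_reward_ticket($session, 3);
var_dump(redeem_reward_ticket($session, reward_id_from_path('/example.php/4')));

// Visitor confirms reward 3 and follows the link unchanged.
grant_reward_ticket($session, 3);
var_dump(redeem_reward_ticket($session, reward_id_from_path('/example.php/3')));

// Visitor reloads the reward page without confirming again.
var_dump(redeem_reward_ticket($session, reward_id_from_path('/example.php/3')));

// Visitor skips confirmation and types a non-numeric segment.
var_dump(redeem_reward_ticket($session, reward_id_from_path('/example.php/3abc')));
```

Because the confirmed ID lives in server-side session data, editing the number in the URL changes only what is requested, not what was confirmed.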

I think I'm understanding... but sample code would be amazing if you had a little free time.

 

Thank you for the responses.

 

Also, what exactly does the ? in the URL do? I simply designed a function that gets the URL, then explodes it into an array and uses array[4] to get the number that is placed in the URL. Or is that like a super novice, easy-to-hack kind of thing?


? is used in conjunction with $_GET, so a URL can be parsed and the variable after ? can be extracted.

 

?id=1 would allow $_GET['id'] to be populated with the value 1

 

As for sessions, there are a ton of examples floating around.


Ah, I see. Great example, thank you.

 

So should I rework everything to add the get function?

Or is it really that bad to stick with a function that simply gets the number after the /?

 

Because I've been running this on a LOT of different scripts and I have yet to find a single error.