how to prevent direct access of web page by typing url

[phplearner2008]

Hi all,

 

I want php files in my web site to be accessed through links only and not by typing the url directly. How can I do it?

 

Thanks

[btherl]

You can do a simple (and easily bypassable) attempt by checking to see if $_SERVER['HTTP_REFERER'] is set.  Typically that value is set when a link is followed, but not when it's typed in.  This method is however easily bypassed by someone who wants to bypass it.

 

A better answer is you can use sessions to track your user, and remember where they are allowed to go.  Then you can tell them "Sorry, you can only access this page from this other page, and my session data says you didn't".

[phplearner2008]

btherl, can you expand on your second suggestion using sessions?

[btherl]

Are you familiar with sessions?

 

Assuming you are, let's say you want someone to access page B only from page A.  When they access page A, you store a value in the session like $_SESSION['lastpage'] = 'A'.  Then when they access page B, you can check if $_SESSION['lastpage'] is set to A.

 

If you are concerned about users passing data as arguments to the page, then you should store that data on the server instead.