sjones

Security question

I have an ecommerce site that has general products for everyone that visits. Also there is a wholesale client login. The script takes the user to a different category, with a separate store for wholesale clients. Is it possible that when the wholesale category is opened, we can make sure that it was the handle_login.php script that sent them there? If they have it bookmarked or opened from any other location besides the handle_login.php script, they would receive an error message with the option to go to the login page.

Take a look at $_SERVER['HTTP_REFERER'].

Also, you should pass a token through a session variable to the page, which would be generated from handle_login.php and checked on your target script.

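The problem I am having with $_SERVER['HTTP_REFERER'] is that if someone would refresh the page it creates the error, because they were not directed there from the main page. Could someone help me with the proper code to check for two different $_SERVER['HTTP_REFERER']?

example:
// The header may be absent, so default to an empty string
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Browsers send the full URL, scheme included, so the literals must match that form
// Reject the request unless the referer equals one of the two expected pages
if ($referer != "www.mysite.com/abc/" && $referer != "www.mysite.com/xyz/") {
    echo "You have arrived here without logging in  Bla......";
    exit;
}

Any thoughts?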

Not all servers support $_SERVER['HTTP_REFERER']...either that or it has to do with the browser, which may choose not to send referring information.

[quote author=pixy link=topic=102382.msg406645#msg406645 date=1154370359]
Not all servers support $_SERVER['HTTP_REFERER']...either that or it has to do with the browser, which may choose not to send referring information.
[/quote]
Yeah, it's to do with the browser. Some browsers do, some don't. Also, it can be easily fooled too.
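
The session-variable approach suggested earlier in the thread, shown as an added example (not code from any poster): because the check reads server-side session state instead of the client-supplied Referer header, a page refresh still passes while a bookmark opened without logging in does not. The function names, the session key, the idle limit and the login.php path are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Function names, the session key,
// the idle limit and the login.php path are assumptions.
const WHOLESALE_KEY = 'wholesale_auth';   // hypothetical session key
const IDLE_LIMIT    = 1800;               // assumed idle timeout, in seconds

// Call from handle_login.php, only after the credentials have been verified.
function mark_wholesale_login(int $clientId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // fresh session id after login
    $_SESSION[WHOLESALE_KEY] = ['client_id' => $clientId, 'last_seen' => time()];
}

// Pure check on the session contents, so it can be exercised without a web server.
function is_wholesale_session(array $session, int $now): bool
{
    $auth = $session[WHOLESALE_KEY] ?? null;
    return is_array($auth)
        && isset($auth['client_id'], $auth['last_seen'])
        && ($now - $auth['last_seen']) <= IDLE_LIMIT;
}

// Call at the top of every wholesale page, before any output.
function require_wholesale_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_wholesale_session($_SESSION, time())) {
        unset($_SESSION[WHOLESALE_KEY]);
        http_response_code(403);
        echo 'You have arrived here without logging in. <a href="login.php">Log in</a>';
        exit;
    }
    $_SESSION[WHOLESALE_KEY]['last_seen'] = time();  // a refresh keeps the session alive
}

// Constructed sessions showing the three cases (run with: php example.php)
if (PHP_SAPI === 'cli') {
    $now      = time();
    $loggedIn = [WHOLESALE_KEY => ['client_id' => 42, 'last_seen' => $now - 60]];
    $stale    = [WHOLESALE_KEY => ['client_id' => 42, 'last_seen' => $now - 7200]];
    var_dump(is_wholesale_session($loggedIn, $now)); // page refresh after login
    var_dump(is_wholesale_session([], $now));        // bookmark, never logged in
    var_dump(is_wholesale_session($stale, $now));    // logged in, idle too long
}
```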
