Security question


sjones

I have an ecommerce site that has general products for everyone that visits. Also there is a wholesale client login. The script takes the user to a different category, with a separate store for wholesale clients. Is it possible that when the wholesale category is opened, we can make sure that it was the handle_login.php script that sent them there? If they have it bookmarked or opened from any other location besides the handle_login.php script, they would receive an error message with the option to go to the login page.

The problem I am having with $_SERVER['HTTP_REFERER'] is that if someone would refresh the page it creates the error, because they were not directed there from the main page. Could someone help me with the proper code to check for two different $_SERVER['HTTP_REFERER'] values?

example:
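// Pages the visitor is allowed to arrive from
$allowed = array("www.mysite.com/abc/", "www.mysite.com/xyz/");
// The header may be missing entirely, so default to an empty string
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
if (!in_array($referer, $allowed)) {
    echo "You have arrived here without logging in  Bla......";
    exit;
}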

Any Thoughts ?

[quote author=pixy link=topic=102382.msg406645#msg406645 date=1154370359]
Not all servers support $_SERVER['HTTP_REFERER']... either that or it has to do with the browser, which may choose not to send referring information.
[/quote]
Yeah, it's to do with the browser. Some browsers do, some don't. Also, it can be easily fooled too.
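
The replies above note that the Referer header is optional and easy to fake; a server-side session flag set by handle_login.php gates the wholesale category without relying on it. This is an added example, not code from any poster in the thread: the function names, session keys, the one-hour limit and /login.php are assumptions, and it needs PHP 7.3 or later.

```php
<?php
// Added example: gate the wholesale pages on a session flag, not on Referer.
// All function names and session keys below are hypothetical.

// Start the session with a cookie that scripts in the page cannot read.
function start_secure_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call in handle_login.php, only after the username/password check succeeded.
function mark_wholesale_login(int $clientId): void {
    start_secure_session();
    session_regenerate_id(true); // fresh session id at login (blocks fixation)
    $_SESSION['wholesale_client_id'] = $clientId;
    $_SESSION['wholesale_login_at'] = time();
}

// Pure check: does this session belong to a recently logged-in wholesale client?
function is_wholesale_session(array $session, int $now, int $maxAge = 3600): bool {
    return isset($session['wholesale_client_id'], $session['wholesale_login_at'])
        && ($now - $session['wholesale_login_at']) <= $maxAge;
}

// Call at the top of every wholesale page, before any output.
// A refresh works while the session is valid; a bookmark or direct link
// opened without a valid session gets the error and a link to the login page.
function require_wholesale_login(string $loginUrl = '/login.php'): void {
    start_secure_session();
    if (!is_wholesale_session($_SESSION, time())) {
        http_response_code(403);
        echo 'You have arrived here without logging in. ';
        echo '<a href="' . htmlspecialchars($loginUrl, ENT_QUOTES) . '">Go to the login page</a>';
        exit;
    }
}
```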