leafer (Author), posted October 1, 2009

> you could set a session variable in index.php and check to see that it's set in 1.php (then immediately unset it) else you redirect to 404

Giving this a try at the moment. Haven't used sessions that often but it seems that may do the trick.

5kyy8lu3, posted October 1, 2009

at the top of index.php:

```php
<?php
session_start();
$_SESSION['FromIndex'] = 'yes';
?>
```

then at the top of 1.php:

```php
<?php
session_start();
// Redirect unless index.php set the flag in this session
if ( !isset($_SESSION['FromIndex']) || $_SESSION['FromIndex'] != 'yes' ) {
    header("Location: 404.php");
    exit; // stop here so the rest of 1.php does not run after the redirect
}
unset($_SESSION['FromIndex']);
?>
```

sorry I replied so late, I had to go run a quick errand. that code should work. it's not the most elegant solution, but if it works...

leafer (Author), posted October 1, 2009

> at the top of index.php:
>
> ```php
> <?php
> session_start();
> $_SESSION['FromIndex'] = 'yes';
> ?>
> ```
>
> then at the top of 1.php:
>
> ```php
> <?php
> session_start();
> // Redirect unless index.php set the flag in this session
> if ( !isset($_SESSION['FromIndex']) || $_SESSION['FromIndex'] != 'yes' ) {
>     header("Location: 404.php");
>     exit; // stop here so the rest of 1.php does not run after the redirect
> }
> unset($_SESSION['FromIndex']);
> ?>
> ```
>
> sorry I replied so late, I had to go run a quick errand. that code should work. it's not the most elegant solution, but if it works...

lol no worries man. You've been more than helpful. I immediately went to the php session docs to whip up a solution. I'm about to put the finishing touches on my learning website to finally get this out of the way. I had to learn passing cookies before the website went live anyhow so I'm glad I'm forced into it. I've been putting off the website for a while now because I've already moved on to the projects I wanted to start before I began learning PHP.

Anyways here's what I came up with:

Inside index.php

```php
<?php
session_start();
$string = "abc";
$key = hash_hmac('ripemd160', $string, '1234567890');
$_SESSION['key'] = $key;
```

1.php

```php
<?php
session_start();
if (!isset($_SESSION['key'])) {
    header("Location: 404.php");
    exit; // stop so the rest of 1.php does not run after the redirect
}
```

Obviously the hash_hmac part is unnecessary but it's something I could use down the line by bringing in random code from my DB based on some random changing value. I was thinking time or something of that nature but for now that's more than enough.

It will never be a perfect solution because even that above I can easily simulate a curl call to grab the cookie along with the info needed. I've noticed a few forums beginning to use JS to salt the session ID before it's being passed which gave me a bit of difficulty to fool but I'm chalking it up to my skill set rather than being a foolproof solution. I've realized if they want it they'll get it.

thanks a million 5kyy8lu3.

5kyy8lu3, posted October 1, 2009

no problem man, glad I was somewhat helpful lol

as far as spoofing it, you could use this as the key:

```php
md5($_SERVER['REMOTE_ADDR']);
```

that way it's a hash of their ip address, which would be hard to know just from seeing the hash. just an idea to throw out there, it's what I use, it's dynamic yet it works.

leafer (Author), posted October 1, 2009

> no problem man, glad I was somewhat helpful lol
>
> as far as spoofing it, you could use this as the key:
>
> ```php
> md5($_SERVER['REMOTE_ADDR']);
> ```
>
> that way it's a hash of their ip address, which would be hard to know just from seeing the hash. just an idea to throw out there, it's what I use, it's dynamic yet it works.

Damn. Great idea. Thx

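
The session gate discussed in this thread, as an added example that is not code from either poster: index.php stores a single-use, expiring random token in the session and embeds it in its link, and 1.php checks it before serving content. The function names, the `gate` session key, the `t` query parameter and the 300-second lifetime are assumptions; `$session` stands in for `$_SESSION` so the logic runs from the PHP CLI.

```php
<?php
// Added example. Function names, the 'gate' key and GATE_TTL are hypothetical.
// $session stands in for $_SESSION so this runs from the PHP CLI.

const GATE_TTL = 300; // assumed lifetime of a gate, in seconds

// index.php side: store a fresh random token and return it for the link
// to 1.php (for example 1.php?t=<token>).
function gate_open(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session['gate'] = ['token' => $token, 'issued' => $now];
    return $token;
}

// 1.php side: succeeds at most once per gate_open() call.
function gate_consume(array &$session, $presented, int $now): bool
{
    $gate = $session['gate'] ?? null;
    unset($session['gate']); // burn the gate on every attempt, pass or fail
    if (!is_array($gate) || !is_string($presented)) {
        return false;
    }
    $fresh = ($now - $gate['issued']) <= GATE_TTL;
    // hash_equals() compares in constant time
    return $fresh && hash_equals($gate['token'], $presented);
}

// In 1.php, after session_start():
//   if (!gate_consume($_SESSION, $_GET['t'] ?? null, time())) {
//       header('Location: 404.php');
//       exit; // without exit the rest of 1.php would still be sent
//   }

// Demonstration on a constructed session array.
$session = [];
$t = gate_open($session, 1000);
var_dump(gate_consume($session, 'wrong-token', 1001)); // wrong token
var_dump(gate_consume($session, $t, 1002));            // gate already burned
$t = gate_open($session, 2000);
var_dump(gate_consume($session, $t, 2000 + GATE_TTL + 1)); // past the lifetime
$t = gate_open($session, 3000);
var_dump(gate_consume($session, $t, 3010));            // fresh, first use
```

As leafer notes in the thread, any client that requests index.php first still passes; the gate enforces ordering within one session, not who the client is.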