
spires

Security, Stopping the back button from letting you go back to your last page?

Hi,

I have created a shopping cart that sells MP3s.
Do you know if there is a way of stopping customers from going back a page? (once they have downloaded)

e.g
1 - Login
2 - Download track (goes to download page).
3 - once downloaded goback to Download track (with the quantity refreshed).
4 - Download next track etc

If you follow this path there are no problems;
however, when you are at stage 3 and use the browser back button instead of the link provided,
the quantity does not refresh and you can download thousands if you choose.

Is there any way of stopping this?
Thanks

Save all their selected tracks in the database and check to see what tracks they have selected and how many they selected. If it's so many then they can't get any more, etc. You get the idea?

OK, I use this script for downloading scripts and templates. You should be able to change it to suit your needs. After they download a file I update a table in the db. I call my table downloads.

Here are the fields that I have in the downloads table.
[list][*]download_id
[*]username
[*]filename
[*]date_downloaded[/list]


And here is the download.php

[code]
<?php
session_start();
require_once 'config.php';   // assumed to create $db, a PDO connection to your database

// Directory that holds the files, kept outside the web root
$download_dir = '/path/to/downloads';

function send_file($download_dir, $filename) {
    // Only a plain file name inside $download_dir is served, so a request
    // cannot name another path on the server
    $name = basename($filename);
    $path = realpath($download_dir . '/' . $name);
    if ($name === '' || $path === false || strpos($path, realpath($download_dir) . '/') !== 0) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=" . $name);
    header("Content-Description: File Transfer");
    header("Accept-Ranges: bytes");
    header("Content-Length: " . filesize($path));
    readfile($path);
}

function getdownload($db, $type, $download_dir) {
    // The referer check is easily spoofed by a client; it only discourages casual direct linking
    $expected = ($type === "paid") ? "http://www.yoursite.com/something.php" : "http://www.yoursite.com/yourpage.php";
    if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== $expected) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
    if (empty($_SESSION['username'])) {
        echo "You must be a member to download this file<br />";
        include("login.php");
        exit;
    }
    $username = $_SESSION['username'];
    $filename = isset($_GET['filename']) ? $_GET['filename'] : '';

    switch ($type) {
        case "free":
            break;   // no limit, the download is only logged below
        case "paid":
            // Prepared statement: the file name from the URL never reaches the SQL as text
            $stmt = $db->prepare("SELECT COUNT(*) FROM `downloads` WHERE `username` = ? AND `filename` = ?");
            $stmt->execute(array($username, $filename));
            if ($stmt->fetchColumn() > 0) {
                echo "You may not download this file more than once";
                include("somepage.php");
                exit(1);
            }
            break;
        default:
            header("HTTP/1.1 404 Not Found");
            exit;
    }
    // Record the download before sending the file
    $stmt = $db->prepare("INSERT INTO `downloads` (`username`, `filename`, `date_downloaded`) VALUES (?, ?, NOW())");
    $stmt->execute(array($username, $filename));
    send_file($download_dir, $filename);
}

function getaction($db, $action, $download_dir) {
    switch ($action) {
        case "download":
            $type = isset($_GET['type']) ? $_GET['type'] : '';
            getdownload($db, $type, $download_dir);
            break;
    }
}

getaction($db, isset($_GET['action']) ? $_GET['action'] : '', $download_dir);
?>[/code]

You may need to change the location of the download directory to your directory, but this should work. I use it for my downloads. This will hide the location of your file and will prevent direct linking. Now you link to it like this:
[b]download.php?action=download&type=paid&filename=whatever.zip[/b]

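The two replies above both come down to one point: the browser's back button only replays a request, so the remaining quantity has to be enforced on the server, not in the page. The following is an added example (not code from this thread) showing the bought quantity stored server-side and consumed by a single conditional UPDATE, plus the file-name check that keeps a request inside the download directory; it runs stand-alone on an in-memory SQLite database, and the table and column names (entitlements, remaining) are assumptions.

```php
<?php
// Added example, not code from the thread: the bought quantity lives on the
// server and is consumed by one conditional UPDATE, so a back-button revisit,
// a double click or two requests arriving together cannot exceed it.
// Runs stand-alone on an in-memory SQLite database; the table and column
// names (entitlements, remaining) are assumptions, not from the original post.

function setupDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE entitlements (username TEXT NOT NULL, filename TEXT NOT NULL,
               remaining INTEGER NOT NULL CHECK (remaining >= 0),
               PRIMARY KEY (username, filename))');
    // Constructed sample row: the customer paid for two downloads of one track
    $db->prepare('INSERT INTO entitlements VALUES (?, ?, ?)')
       ->execute(['spires', 'track01.mp3', 2]);
    return $db;
}

// True only when this request consumed one download. Check and decrement are
// a single statement, so there is no SELECT-then-INSERT window in which a
// second copy of the same request could also pass the check.
function consumeDownload(PDO $db, string $username, string $filename): bool {
    $stmt = $db->prepare('UPDATE entitlements SET remaining = remaining - 1
                          WHERE username = ? AND filename = ? AND remaining > 0');
    $stmt->execute([$username, $filename]);
    return $stmt->rowCount() === 1;
}

// Map the requested name onto a file inside a fixed directory; anything with a
// directory component, or that resolves outside that directory, is refused.
function resolveDownloadPath(string $dir, string $requested): ?string {
    $base = realpath($dir);
    if ($base === false || $requested === '' || basename($requested) !== $requested) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $inside = $path !== false && strpos($path, $base . DIRECTORY_SEPARATOR) === 0;
    return $inside ? $path : null;
}

$db  = setupDemoDb();
$dir = sys_get_temp_dir();
file_put_contents($dir . '/track01.mp3', 'constructed sample audio');  // stand-in for a real MP3
foreach ([1, 2, 3] as $attempt) {           // the third attempt is the back-button replay
    $ok = consumeDownload($db, 'spires', 'track01.mp3');
    echo "attempt $attempt: ", $ok ? 'serve ' . resolveDownloadPath($dir, 'track01.mp3') : 'refused', "\n";
}
echo "name with a directory part accepted? ", resolveDownloadPath($dir, '../track01.mp3') === null ? 'no' : 'yes', "\n";
```

With a real database the same UPDATE works unchanged; the row count tells you whether to send the file, so a replayed request after the quantity reaches zero simply gets refused.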
