Security, Stopping the back button from letting you go back to your last page?


spires

Hi,

I have created a shopping cart that sells MP3s.
Do you know if there is a way of stopping customers from going back a page? (once they have downloaded)

e.g.
1 - Login
2 - Download track (goes to download page).
3 - Once downloaded, go back to Download track (with the quantity refreshed).
4 - Download next track etc.

If you follow this path there are no problems,
however, when you are at stage 3 and use the browser back button instead of the link provided,
the quantity does not refresh and you can download thousands if you choose.

Is there any way of stopping this?
Thanks

Ok, I use this script for downloading scripts and templates. You should be able to change it to suit your needs. After they download a file I update a table in the db. I call my table downloads.

Here are the fields that I have in the downloads table.
[list][*]download_id
[*]username
[*]filename
[*]date_downloaded[/list]


And here is the download.php

[code]
<?php
// Assumes a MySQL connection has already been opened (e.g. by an included
// config file), as the original script did; mysql_real_escape_string() needs it.
session_start();

// Directory that holds the downloadable files. Change this to your directory;
// keeping it outside the web root means files can only be fetched via this script.
$download_dir = '/path/to/your/downloads/';

// Pages that are allowed to link to each download type. The Referer header is
// sent by the browser and is trivial to omit or fake, so this only discourages
// casual direct linking; the session check and the download log are the real controls.
$allowed_referers = array(
    'free' => 'http://www.yoursite.com/yourpage.php',
    'paid' => 'http://www.yoursite.com/something.php',
);

// Send one file to the browser as an attachment (the header block was duplicated
// in both branches of the original; it is identical, so it lives here once).
function sendfile($path) {
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Disposition: attachment; filename=" . basename($path));
    header("Content-Description: File Transfer");
    header('Accept-Ranges: bytes');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

function getdownload($type) {
    global $download_dir, $allowed_referers;

    if (!isset($allowed_referers[$type])) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }
    if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== $allowed_referers[$type]) {
        header("HTTP/1.1 404 Not Found");
        exit;   // the original sent the 404 header but then carried on and served the file
    }
    if (empty($_SESSION['username'])) {
        echo "You must be a member to download this file<br />";
        include("login.php");
        exit;
    }

    $username = $_SESSION['username'];
    // basename() strips any directory part, so ?filename=../../etc/passwd
    // cannot reach outside the download directory.
    $filename = basename($_GET['filename']);
    $path = $download_dir . $filename;
    if ($filename === '' || !is_file($path)) {
        header("HTTP/1.1 404 Not Found");
        exit;
    }

    // Escape before building SQL so a crafted username or filename cannot alter the query.
    $u = mysql_real_escape_string($username);
    $f = mysql_real_escape_string($filename);

    if ($type === "paid") {
        // A paid file may be downloaded once per user, no matter which page the
        // browser arrived from; this is what the back button cannot get around.
        $sql = sprintf("SELECT COUNT(*) AS `download_check` FROM `downloads` WHERE `username` = '%s' AND `filename` = '%s'", $u, $f);
        $res = mysql_query($sql) or die(mysql_error());
        $download_check = mysql_result($res, 0, 'download_check');
        if ($download_check > 0) {
            echo "You may not download this file more than once";
            include("somepage.php");
            exit(1);
        }
        // Two requests arriving at the same instant can both pass the check above;
        // a UNIQUE index on (username, filename) in the downloads table closes that gap.
    }

    // Log the download before sending the file, for both free and paid types.
    $sql = sprintf("INSERT INTO `downloads` (`username`, `filename`, `date_downloaded`) VALUES ('%s', '%s', NOW())", $u, $f);
    mysql_query($sql) or die(mysql_error());
    sendfile($path);
}

function getaction($action) {
    switch ($action) {
        case "download":
            getdownload(isset($_GET['type']) ? $_GET['type'] : '');
            break;
        default:
            header("HTTP/1.1 404 Not Found");
    }
}

getaction(isset($_GET['action']) ? $_GET['action'] : '');
?>[/code]

You may need to change the location of the download directory to your directory, but this should work. I use it for my downloads. This will hide the location of your file and will prevent direct linking. Now you link to it like this:
[b]download.php?action=download&type=paid&filename=whatever.zip[/b]