t3kizzleee Posted February 6, 2010 Share Posted February 6, 2010 Hello, I'm trying to make a PHP/HTML page where it blocks all direct requests and only allows requests from a certain redirect or URL. For example, I have a page www.site.com/x.php I don't want people to view the page if they type in "www.site.com/x.php" directly into the URL, perhaps display an error screen. I want to make it so that it will only redirect from "www.site.com" I hope I made some sort of sense. Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/ Share on other sites More sharing options...
MadTechie Posted February 6, 2010 Share Posted February 6, 2010 Okay then 2 questions before I can help.. 1. why have www.site.com/x.php in the public domain ? 2. what is it and why do you have it if you don't want it viewable ? Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008118 Share on other sites More sharing options...
t3kizzleee Posted February 6, 2010 Author Share Posted February 6, 2010 My website is a shop. Basically, I want to display a thank you message once a customer has placed an order. I want to make a page that does that but I don't want it accessed by a direct request. I want it to be displayed only by redirection from the URL of my choice whether it be www.site.com/checkout.php or whatever it is. Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008122 Share on other sites More sharing options...
MadTechie Posted February 7, 2010 Share Posted February 7, 2010 Okay, at the very start of the checkout.php have <?php session_start(); ?> then on the part of the check out that does the redirect, do this $_SESSION['checkedout'] = true; header("Location: thankyou.php"); //the re-direct now in thankyou.php do this <?php session_start(); if(empty($_SESSION['checkedout'])){ header("Location: error.php"); //redirect to error page exit(); } unset($_SESSION['checkedout']); //clear session echo "Thank you"; ?> To summarise: thankyou.php will redirect to an error.php if a session called 'checkedout' is not set or not set to true, and the checkout.php is the only place where it can be set to true.. thus it must be a valid checked out item hope that helps EDIT: oops a typo in the code (fixed) Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008126 Share on other sites More sharing options...
t3kizzleee Posted February 7, 2010 Author Share Posted February 7, 2010 Thanks, worked like a charm. Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008166 Share on other sites More sharing options...
MadTechie Posted February 7, 2010 Share Posted February 7, 2010 Cool, I hope logic make sense.. Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008173 Share on other sites More sharing options...
t3kizzleee Posted February 7, 2010 Author Share Posted February 7, 2010 It did, your explanation was great. And the comments were very useful. This was a simple problem but I had to ask as I'm not fluent with PHP. Thank you so much for your help. Quote Link to comment https://forums.phpfreaks.com/topic/191202-how-to-block-http-direct-request-and-only-accept-from-certain-url/#findComment-1008198 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.