Restricting access to a url

[pranshu82202]

I am creating a registration page in php.

In which the action of the registration form is insert.php

I want that insert.php shuld only be accessed when a user goes from registration.php....

 

Please tell me how to do that....

[cunoodle2]

Can you store a session variable and then check it to verify that only a person with proper permission can view said page?

[spiderwell]

you could do it several ways, one would be to have insert.php check that its been posted to by registration.php and if not, then stop loading. you could use .htaccess file to restrict insert.php

[cssfreakie]

you might also want to look in something called form tokens.

 

In a nutshell, registration.php has a hidden field with a random form token, also a session variable is made that is similar to the form token.

when you open up insert.php it checks if the submitted value (form token) exists and if it exists it is equal to the session variable.

The only way that would be possible is when the request comes from registration.php or if the token can be easily guessed.

you might want to have a look here: http://phpsec.org/projects/guide/2.html