pranshu82202 Posted July 10, 2011 Share Posted July 10, 2011 I am creating a registration page in php. In which the action of the registration form is insert.php I want that insert.php shuld only be accessed when a user goes from registration.php.... Please tell me how to do that.... Link to comment https://forums.phpfreaks.com/topic/241602-restricting-access-to-a-url/ Share on other sites More sharing options...
cunoodle2 Posted July 10, 2011 Share Posted July 10, 2011 Can you store a session variable and then check it to verify that only a person with proper permission can view said page? Link to comment https://forums.phpfreaks.com/topic/241602-restricting-access-to-a-url/#findComment-1240960 Share on other sites More sharing options...
spiderwell Posted July 10, 2011 Share Posted July 10, 2011 you could do it several ways, one would be to have insert.php check that its been posted to by registration.php and if not, then stop loading. you could use .htaccess file to restrict insert.php Link to comment https://forums.phpfreaks.com/topic/241602-restricting-access-to-a-url/#findComment-1240974 Share on other sites More sharing options...
cssfreakie Posted July 11, 2011 Share Posted July 11, 2011 you might also want to look in something called form tokens. In a nutshell, registration.php has a hidden field with a random form token, also a session variable is made that is similar to the form token. when you open up insert.php it checks if the submitted value (form token) exists and if it exists it is equal to the session variable. The only way that would be possible is when the request comes from registration.php or if the token can be easily guessed. you might want to have a look here: http://phpsec.org/projects/guide/2.html Link to comment https://forums.phpfreaks.com/topic/241602-restricting-access-to-a-url/#findComment-1241019 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.