pranshu82202 Posted July 10, 2011 Share Posted July 10, 2011 I am creating a registration page in php. In which the action of the registration form is insert.php I want that insert.php shuld only be accessed when a user goes from registration.php.... Please tell me how to do that.... Quote Link to comment Share on other sites More sharing options...
cunoodle2 Posted July 10, 2011 Share Posted July 10, 2011 Can you store a session variable and then check it to verify that only a person with proper permission can view said page? Quote Link to comment Share on other sites More sharing options...
spiderwell Posted July 10, 2011 Share Posted July 10, 2011 you could do it several ways, one would be to have insert.php check that its been posted to by registration.php and if not, then stop loading. you could use .htaccess file to restrict insert.php Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted July 11, 2011 Share Posted July 11, 2011 you might also want to look in something called form tokens. In a nutshell, registration.php has a hidden field with a random form token, also a session variable is made that is similar to the form token. when you open up insert.php it checks if the submitted value (form token) exists and if it exists it is equal to the session variable. The only way that would be possible is when the request comes from registration.php or if the token can be easily guessed. you might want to have a look here: http://phpsec.org/projects/guide/2.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.