Jump to content

php check if page is open?

Freid001

By Freid001
in PHP Coding Help

 Share

Recommended Posts

Freid001 Member

Freid001

Posted
Posted

Does anyone know if there is any PHP code which will prevent a user from opening the same page twice at the same time.

 

So for example: User opens a web page -> user opens the same page in another tab (Is it possible to check for this and then display a error message on the second page opened?)

 

Thanks for any help :)

Link to comment
Share on other sites
Freid001 Member

Freid001

Posted
  • Author
Posted

I am writing some code for PHP textbased game.

I just discovered that players can open a page and then if they open the same page again in another tab and then select a link on both the pages they can skip certain stuff which they should not be able to skip.

Link to comment
Share on other sites
Mad programmer Newbie

Mad programmer

Posted
Posted

Have you thought about using sessions?

If the user enters the page the script could set an session (which it checks for at the top to prevent multiple views).

 

Here's an example if what I mean:

 

<?php
// Initialize sessions ofcourse..
session_start();

// [url]/page.php?delete 
// Allows you to unset the session so you can try this out
if (isset($_GET['delete'])) {
unset($_SESSION['check']);
exit();
}

// If the session is set and equals 123 we already have the page open!
if (!empty($_SESSION['check'])) {
if ($_SESSION['check'] == '123') {
	echo 'You should not be here!';
	exit();
}
}

// Set the session and continue your script..
$_SESSION['check'] = '123';
echo 'welcome!';

 

I hope that this is useful to you.

 

Edit:

Remember! If the user goes out of this page by a link or if your script logic has been processed, you need to UNSET this session.

If you won't do this the user will not be able to access this page anymore. (Except if they wipe their session cookies :) )

Link to comment
Share on other sites
xyph Advanced Member

xyph

Posted
Posted

Session persist between tabs. There's no way to tell if a user has opened the same page in a new tab, or hit refresh in the same tab.

 

I suppose you could pass a hidden token, and make every link of your site a form submission. You'd check for the existence of that hidden token on each page. This wouldn't be hard to beat, though as it's all client-side behaviour. It'd be a lot of work on your end for something that would just stop the honest users.

Link to comment
Share on other sites
xyph Advanced Member

xyph

Posted
Posted

@xyph:

 

I know they persist, however if you use my approach and open the page in a new tab the session is set.

Thus further code execution can be prevent, there is indeed no way to tell if it is a new tab.

 

If you try my script you can see what I mean

 

 

And if you refresh the page?

 

I see what you're trying to do, but you're messing with single-tab behaviour as well.

Link to comment
Share on other sites
Freid001 Member

Freid001

Posted
  • Author
Posted

I did try sessions a while ago but the problem I had was resetting the session back to 0 because if the users opens a page, then opens it in another tab user get error message and the code sets session to 0, the user opens third tab and user can access the same page twice again. Not tried your code yet but that is what I experienced when I tried using sessions a while ago.

Link to comment
Share on other sites
Mad programmer Newbie

Mad programmer

Posted
Posted

@xyph:

I know it affects the current tab as well if you refresh it (Should've mentioned that), this can be fixed by adding some sort of flood control.

If you set the session you can add in a current timestamp, and in the session check you can check against the session and the timestamp.

If the timestamp is 30 seconds old then unset the session, with this solution you can prevent spamming a little.

 

@Freid001:

Where you unsetting the session when you output an error to the viewer? However my method can be used however it also has its disadvantages like Xyph said.

You can try adding in a time based mechanism like I said, It doesn't matter how many tabs someone has open the code will always be checked against the session.

The real problem is when someone reloads the page, then they have to wait :)

Link to comment
Share on other sites
xyph Advanced Member

xyph

Posted
Posted

@xyph:

I know it affects the current tab as well if you refresh it (Should've mentioned that), this can be fixed by adding some sort of flood control.

If you set the session you can add in a current timestamp, and in the session check you can check against the session and the timestamp.

If the timestamp is 30 seconds old then unset the session, with this solution you can prevent spamming a little.

 

Huh? It's not possible to TRULY detect if the request came from a new tab, or the current tab. The solution would rely on client-side reporting, and you can't trust that. You can try to hack it, but it's a lot of effort for something that's trivial to bypass.

 

This session idea is a total band-aid.

Link to comment
Share on other sites
Mad programmer Newbie

Mad programmer

Posted
Posted

@Freid001:

 

Here is an adjusted version of my demo code, this one contains the timestamp as I've suggested.

If the session has been set 30 seconds ago the script destroys the session and allowing the user on the page again. (Right after that the timeout is set to 30 again);

 

<?php
session_start();
//  This is the timeout that the session needs to be checked against (seconds)
$timeout = 30;

//	Allows us to manually unset the session to test our code 
if (isset($_GET['delete'])) {
unset($_SESSION['check']);
exit();
}

//	If our session is not set then create it with its values to false
if (!isset($_SESSION['check'])) {
$_SESSION['check'] = array(
	'set' => false,
	'time' => time()
);
}

if ($_SESSION['check']['set'] == true) {
//	Check our current time against our timeout
if (time() <= $_SESSION['check']['time'] + $timeout ) {
	echo 'You should not be here!<br /><br>Timespan: ';
	echo time() - $_SESSION['check']['time'];
	exit();
} else { 
	//	Session is older than 30 seconds, you might unset it..
	unset($_SESSION['check']);
}
}

//	The user may view the page but we set our session for control purposes!
$_SESSION['check'] = array(
'set' => true,
'time' => time()
);
echo 'welcome!';

 

Let me know if it works for you :)

 

@xyph:

I did not mean to say that if its possible to see where the request came from, Take a look at my newly posted code that's how I've meant it all along.

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.