How do I get a page to ONLY be viewed by clicking on a button from another page?

[blastbum]

Hi,

I'm a php noobie, so please be understanding.  ;)

How do I make sure that a page can only be viewed by clicking on a "Submit" button from another page? Let's just say that the page that I want to be viewed is called "statement.php" and the page that has the "Submit" button on it is called "disclaimer.php". I want it to be impossible to view the page "statement.php", unless the user goes to the "disclaimer.php" page first and clicks on the "Submit" button. So the user will not be able to view the "statement.php" page by entering the address "http://www.samplesite.com/statement.php" into the address bar, only by via the "disclaimer.php" page.

Your help will be greatly appreciated.  :)

Regards,

Dan

[trq]

Take a look at the $_SERVER['HTTP_REFERER'] variable.

[john_6767]

or send a hidden field over so and check to see if its passed, if its not then redirect..
that way the submit button needs to be pressed, not just a link from the submit button page

[Cagecrawler]

$_SERVER['REFERER'] can be a bit dodgy sometimes, as some browsers give the option to change it.  The best way is to get them to check a tick-box on the disclaimer, then click Submit.  On the statement page, check to see if it is ticked, if it isn't, direct them back to the disclaimer.

[blastbum]

The guy that is intended to look at the page is not very computer literate, so there won't be any worries there. If you could supply me with a script of the $_SERVER['HTTP_REFERER'] and exactly where to paste it, that would help me heaps or even if you pointed me to a tutorial or something, that would be great.

Your help would be greatly appreciated.

Dan

[trq]

[code=php:0]
if ($_SERVER['HTTP_REFERER'] == 'pageyouwantthemtocomefrom.php') {
  // display page.
}
[/code]

Simple.

[Cagecrawler]

The $_SERVER['HTTP_REFERER'] method:
[code=statement.php]
<?php
if($_SERVER['HTTP_REFERER']=="disclaimer.php") //You might need the full address in here, but this should be ok.
{
  //Insert statement.php here.
}
else
{
  header("Location:disclaimer.php");
?>
[/code]
You shouldn't really use this though.
[quote=http://uk.php.net/manual/en/reserved.variables.php]
'HTTP_REFERER'

    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
[/quote]

The checkbox method, which is better:
[code=disclaimer.php]
<?php
<form action="statement.php" method="post">
<div style="width:640px" align="left">

<fieldset class="fieldset">

<legend>Disclaimer</legend>
<table cellpadding="0" cellspacing="3" border="0" width="100%">
<tr>
<td>In order to proceed, you must agree with the following rules:</td>
</tr>
<tr>
<td>
<div style="border:thin inset; padding:6px; height:175px; overflow:auto">
//DISCLAIMER
</div>
<div><input type="checkbox" name="agree" id="agree" value="1" /><strong>I have read, and agree to abide by the Disclaimer.</strong></label></div>
</td>
</tr>
</table>
</fieldset>
</div>
<input type="submit" class="button" value="Register" accesskey="s" />
</form>
[/code]
You've probably got most of that, all you need to really add is "<input type="checkbox" name="agree" id="agree" value="1" /><strong>I have read, and agree to abide by the Disclaimer.</strong>"
[code=statement.php]
<?php
$agree=$_POST['agree']
if($agree!==1)
{
  header("Location:statement.php");
}
else
{
  //Show statement.php stuff
}
?>[/code]

[blastbum]

Hi Cagecrawler.

Your code is exactly what I'm after. You're a champion!!! The only thing is, is that there may be some things that will inable that code to work. To see what I mean, check out: [URL=http://www.ds-d.com/message.php]http://www.ds-d.com/message.php[/URL] ("message.php" is suppose to be the "disclaimer.php" page).

If you could re-paste the code with any changes implemented for it to work, that would be awesome!!

FYI: Just a precaution, you won't be able to copy and paste while the "statement.php" page is open. There's a javascript script on there that wipes the clipboard of the user viewing the page. It's best to open the source page, then close the "statement.php" page. Also, by clicking on the "Continue To Statement" button, I receive an email with your IP address notifying me that you have agreed to the disclaimer. So if you're a little spooked by that, then I've conveniently attached the files for you.

Many thanks once again.

Dan

Your help is greatly appreciated.

[attachment deleted by admin]

[Cagecrawler]

These should work, I had problems sending the mail but that's because my local server hasn't got mail set up properly.

Check them and shout if you've got any problems...


[attachment deleted by admin]