[SOLVED] Page Security, Session Variables, Need Some Help

[TecTao]

I need some help with page security.  I am not sure if the session variable is the way to go or not.

 

I have pages, for example:

 

page1.php

page2.php

page3.php

 

I do not want someone to be able to got to page2 or page3 without first going to page1.

 

I thought using a session variable would work, but I don't think I understand how to set the variable and then pass and check it on the next pages.

[DanDaBeginner]

SESSION will work fine..

 

just in your page1 set the $_SESSION['whatevername'] then in your page2 and page3

if $_SESSION['whatevername'] is not set then redirect them to page1 or just display error or a warning that

they must go to page1 before going to other..

<?

session_start(); // requires for session to work, but you must place it the top of your page before any output was sent to the heade

setting it up is just easy..

$_SESSION['whatevername'] = true/whatsoever;

?>

 

but I suggest you read a tutorial for better understanding.. search in google..

[mbtaylor]

Well traditionally before page1.php you would have login.php which would ask for the username, password and match it against the database values. If correct then a session variable is created saying loggedin or whatever and then a simple function can be called on each page to check whether or not the user is logged in. I would personally put that in a header include or similar.

 

Added:

 

Oops reading your post again thats maybe not what you want In that case set a session to contain an array of referrers maybe and check the array to see if the neccessary pages are contained within.

[TecTao]

Thanks, i've read up in google and a couple of my programming books.

 

The lightbulb just hasn't clicked on yet the way it works from one page to the next in verifying if the variable has been passed.

 

Regarding Login, yes, I've used in login but this isn't a login.  Although it's a membership purchase, the member doesn't establish a un and pw.  They pay from a purchase.php page, which if approved to to the thankyou.php page which has three choices to select to fill out an informational form.

 

I'm trying to keep access to the thankyou.php page except by way of the purchase.php page.

[DanDaBeginner]

once you have set a $_SESSION it will automatically be visible or accessible with other pae, it works just like

an cookie but it has the difference in where they store data.

the cookie is on the user browser while the session is on the server..

 

try this:

 

in your page1 write this code:

<?

session_start();

$_SESSION['testing'] = 'testing';

?>

 

and this in your page2 write this code:

<?

session_start();

echo $_SESSION['testing'];

?>

run the page1 first then go to page2..

 

that code will give you a clue on how they passing the values...

[mbtaylor]

Thanks, i've read up in google and a couple of my programming books.

 

The lightbulb just hasn't clicked on yet the way it works from one page to the next in verifying if the variable has been passed.

 

Regarding Login, yes, I've used in login but this isn't a login. Although it's a membership purchase, the member doesn't establish a un and pw. They pay from a purchase.php page, which if approved to to the thankyou.php page which has three choices to select to fill out an informational form.

 

I'm trying to keep access to the thankyou.php page except by way of the purchase.php page.

 

If the user pays for your product and doesnt have a login, how are you going to know in future that they have paid?

I would generate them a username/password based on their email address and email them it, then they can login with the details and access whatever they paid for.  You are going to need to store these details in a database which can be looked up in the login function to check payment status and other user details.

 

If someone pays you could log them in automatically with a session. Maybe set that on the thankyou page and provide a link to the download page, or whatever.