TecTao Posted March 13, 2007 Share Posted March 13, 2007 I need some help with page security. I am not sure if the session variable is the way to go or not. I have pages, for example: page1.php page2.php page3.php I do not want someone to be able to got to page2 or page3 without first going to page1. I thought using a session variable would work, but I don't think I understand how to set the variable and then pass and check it on the next pages. Quote Link to comment Share on other sites More sharing options...
DanDaBeginner Posted March 13, 2007 Share Posted March 13, 2007 SESSION will work fine.. just in your page1 set the $_SESSION['whatevername'] then in your page2 and page3 if $_SESSION['whatevername'] is not set then redirect them to page1 or just display error or a warning that they must go to page1 before going to other.. <? session_start(); // requires for session to work, but you must place it the top of your page before any output was sent to the heade setting it up is just easy.. $_SESSION['whatevername'] = true/whatsoever; ?> but I suggest you read a tutorial for better understanding.. search in google.. Quote Link to comment Share on other sites More sharing options...
mbtaylor Posted March 13, 2007 Share Posted March 13, 2007 Well traditionally before page1.php you would have login.php which would ask for the username, password and match it against the database values. If correct then a session variable is created saying loggedin or whatever and then a simple function can be called on each page to check whether or not the user is logged in. I would personally put that in a header include or similar. Added: Oops reading your post again thats maybe not what you want In that case set a session to contain an array of referrers maybe and check the array to see if the neccessary pages are contained within. Quote Link to comment Share on other sites More sharing options...
TecTao Posted March 13, 2007 Author Share Posted March 13, 2007 Thanks, i've read up in google and a couple of my programming books. The lightbulb just hasn't clicked on yet the way it works from one page to the next in verifying if the variable has been passed. Regarding Login, yes, I've used in login but this isn't a login. Although it's a membership purchase, the member doesn't establish a un and pw. They pay from a purchase.php page, which if approved to to the thankyou.php page which has three choices to select to fill out an informational form. I'm trying to keep access to the thankyou.php page except by way of the purchase.php page. Quote Link to comment Share on other sites More sharing options...
DanDaBeginner Posted March 13, 2007 Share Posted March 13, 2007 once you have set a $_SESSION it will automatically be visible or accessible with other pae, it works just like an cookie but it has the difference in where they store data. the cookie is on the user browser while the session is on the server.. try this: in your page1 write this code: <? session_start(); $_SESSION['testing'] = 'testing'; ?> and this in your page2 write this code: <? session_start(); echo $_SESSION['testing']; ?> run the page1 first then go to page2.. that code will give you a clue on how they passing the values... Quote Link to comment Share on other sites More sharing options...
mbtaylor Posted March 13, 2007 Share Posted March 13, 2007 Thanks, i've read up in google and a couple of my programming books. The lightbulb just hasn't clicked on yet the way it works from one page to the next in verifying if the variable has been passed. Regarding Login, yes, I've used in login but this isn't a login. Although it's a membership purchase, the member doesn't establish a un and pw. They pay from a purchase.php page, which if approved to to the thankyou.php page which has three choices to select to fill out an informational form. I'm trying to keep access to the thankyou.php page except by way of the purchase.php page. If the user pays for your product and doesnt have a login, how are you going to know in future that they have paid? I would generate them a username/password based on their email address and email them it, then they can login with the details and access whatever they paid for. You are going to need to store these details in a database which can be looked up in the login function to check payment status and other user details. If someone pays you could log them in automatically with a session. Maybe set that on the thankyou page and provide a link to the download page, or whatever. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.