Jump to content

Make sure user is referred by specific page.

sitefever

By sitefever
in PHP Coding Help

 Share

Recommended Posts

sitefever Newbie

sitefever

Posted
Posted

I know this is possible because I have seen it in a few scripts before, but I forgot exactly how the language was put.

 

I have a link on a page inside a password protected folder, lets call it domain.com/protected/hide.php.

 

When the user clicks on the hyperlink, they will be redirected to domain.com/folder/page.php

 

I want to write somewhere on page.php to be sure the visitor came from hide.php, otherwise display an error message. How can I do this?

 

Thank you!

sitefever Newbie

sitefever

Posted
  • Author
Posted

THANK YOU! That code looks somewhat familiar. Ill try it now...

 

As far as the echo part, if they came from the right page, what do I do, insert the entire page contents within the echo brackets? Of course I don't want to just display a sentence. Thanks again.

pocobueno1388 Regular Member

pocobueno1388

Posted
Posted

THANK YOU! That code looks somewhat familiar. Ill try it now...

 

As far as the echo part, if they came from the right page, what do I do, insert the entire page contents within the echo brackets? Of course I don't want to just display a sentence. Thanks again.

 

You COULD do that...or you could simply exit the script, like this:

 

<?php

if ($_SERVER['HTTP_REFERER'] != "domain.com/protected/hide.php"){
   echo "Coming from the wrong page....";

exit;
}

?>

 

That might not be convenient in your situation though...it all depends.

 

chigley Newbie

chigley

Posted
Posted

It's not exactly secure as referrer values can be tricked all the time. If I were you, I'd use sessions:

 

hide.php

 

<?php

session_start();

$_SESSION["from_hide"] = true;

echo "<a href=\"page.php\">Link to page.php</a>";

?>

 

page.php

 

<?php

session_start();

if(!$_SESSION["from_hide"]) {
die("You came from the wrong page!");
}

// Rest of your code here

?>

 

That is a much more secure method :)

sitefever Newbie

sitefever

Posted
  • Author
Posted

Again, thank everyone for their suggestions. Actually, I have been looking into using sessions for this purpose. The bad thing is that I am using punbb forum, and when a member logs in they can go to their profile. Under their profile I have added a link (which they could not get to if they were not logged in obviously). In punbb, the address might look like profile.php?id=4. I got the link to pass that to the other script. When they click on the link, it will take them to script2.php?id=4.

 

GREAT!

 

Now, I need to make sure you can only get to script2.php?id=4 if you came from profile.php?id=4 (simple enough), AND I need to be sure that the user can click on any links on the script2 page without any errors (so there goes my http referer).

 

As far as the sessions go, punbb obviously is already using sessions and I am getting errors when trying to use another one. Maybe Im putting the code in the wrong spot?

 

Thanks!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.