Re: question about session variables


 




How are you "calling thankyou.php"?

1. are you -redirecting- the user to that file?
 --or--
2. are you -including- that file into register.php upon a successful submission?

The method you're using determines how you best secure thankyou.php from direct access.

If you're redirecting, then using a session variable is what you want.
If you're including, then a simple constant or variable defined in register.php can be checked and validated in thankyou.php.

NOTE: use of session_register() is deprecated. After calling session_start(), just assign variables directly to $_SESSION:

$_SESSION['firstname'] = 'Fred';


~Ted




On 2-Jun-08, at 11:12 AM, Sudhakar wrote:

i have a registration page called register.php if the data entered is
validated correctly i call a file called thankyou.php or else validate.php



presently a user after seeing the url website.com/thankyou.php if they enter the url directly in the browser as website.com/thankyou.php they can access the file, if a user accesses the file this way i would like to redirect to a
page saying "Direct access to this file is not allowed"



previously i used sessions in register.php and also in thankyou.php and
validate.php and it worked fine for some reason now it is not working the way it is supposed to i might have made some changes which i do not know



previously my code in register.php was, the first few lines of register.php
file

=====================================================================

<?php

ob_start();

session_start();

if(!session_is_registered("directaccess"))

{

session_register("directaccess");

}

// rest of the html and php code

ob_end_flush();

?>

=====================================================================

code in thankyou.php, the first few lines of register.php file

=====================================================================

<?php

session_start();

if(!session_is_registered("directaccess"))

{

header("Location: http://website.com/directaccess.html");

exit;

}

// rest of the html and php code

ob_end_flush();

?>

=====================================================================

NOTE = in thankyou.php i display a thank you message by retrieving the first
name from register page and displaying in thankyou.php using session
variables in the following way



in register.php, the first few lines of register.php file

=====================================================================

if(!session_is_registered("firstname"))

{

session_register("firstname ");

}

$_SESSION[firstname] = $firstname;

=====================================================================



in thankyou.php, the first few lines of register.php file

=====================================================================

if(session_is_registered("firstname "))

{

echo $_SESSION[firstname];

session_unregister("firstname ");

}

=====================================================================

please advise how i should rewrite the php code in both the
files(register.php and thankyou.php) so that if a user enters the url
directly in the browser i can redirect to directaccess.html file



thanks.
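
The redirect case from the reply at the top of this thread, as an added example that is not part of the original messages: register.php sets a one-time flag directly in $_SESSION, and thankyou.php refuses any request that arrives without it. The `$valid` check and the `firstname` POST field are assumptions standing in for the real form handling, and the `??` operator assumes PHP 7 or later.

```php
<?php
// ===== register.php (added example, not the poster's code) =====
session_start();

// Assumption: the form posts a "firstname" field; real validation goes here.
$firstname = trim($_POST['firstname'] ?? '');
$valid     = ($firstname !== '');

if ($valid) {
    // Assign to $_SESSION directly; session_register() is not needed.
    $_SESSION['directaccess'] = true;
    $_SESSION['firstname']    = $firstname;
    header('Location: http://website.com/thankyou.php');
    exit;
}

header('Location: http://website.com/validate.php');
exit;

// ===== thankyou.php (separate file; it starts with its own <?php tag) =====
session_start();

// No flag in the session means the URL was typed in directly
// (or the page was reloaded after the flag was consumed below).
if (empty($_SESSION['directaccess'])) {
    header('Location: http://website.com/directaccess.html');
    exit;   // stop here so the page body is never sent
}

$firstname = $_SESSION['firstname'] ?? '';

// Consume the flag so it is valid for exactly one page view.
unset($_SESSION['directaccess'], $_SESSION['firstname']);

// The name came from user input, so escape it before output.
echo 'Thank you, ' . htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8');

// Include variant from the reply: register.php would instead run
//     define('FROM_REGISTER', true); include 'thankyou.php';
// and thankyou.php would start with
//     if (!defined('FROM_REGISTER')) { /* redirect to directaccess.html */ }
```

Because the flag is unset after the first view, reloading thankyou.php also lands on directaccess.html; drop the `unset()` call if the page should stay reachable for the rest of the session.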

