Re: Insuring proper use of a SITE and it's pages...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Don Wieland wrote:
... I am running into issue with using the BACK button and history.

Bottom line is I want the $_SESSION['LastPage'] with the current pages name regardless of how it's accessed.

Using the "Back" button doesn't necessarily produce a new request to the server. If you want to track such visits at the server, I think the conventional wisdom is to deliver a dummy page with a redirect to the real "payload" page. I believe the redirect will be invoked regardless of whether the dummy page was arrived at by the "Back" button or not.

(But frankly it's been a while since I fooled with this so I may be wrong.)

John


Don Wieland wrote:
Hello,

I am in the process of setting up a function to help with proper page navigation/processes and page access. Basically, the way I was hoping it could work is every time I load a page I would set a Last Page SESSION variable with the file name. Then when another page is targeted, I would refer to that session variable to make sure that the navigation is allowed and if the user's level allows access to the page (to guard against hacking, history, and bookmarks). If the two test are not invoked, it would then reset the "LastPage" with that current page. I am running into issue with using the BACK button and history.

Bottom line is I want the $_SESSION['LastPage'] with the current pages name regardless of how it's accessed. How do developer's handle this? The function is below:



function Validate_Page_Nav($db, $CurrentPage, $LastPage, $ErrorPage) {

$resul = $db->query("SELECT * FROM Page_Access WHERE URI = '{$CurrentPage}'") or die("failed to get access data");
$page_access = $resul->fetch_assoc();
$pa = $page_access['User_Level'];
$URI_access = explode(",", $pa);

if($_SESSION['Last_Page'] != $LastPage) {
header("location: {$ErrorPage}?message=Unable to update user information.");
exit();
}

if(!in_array($_SESSION['Staff_level'], $URI_access)) {
header("location: {$ErrorPage}?message=Unable to update user information.");
exit();
}

$_SESSION['Last_Page'] = $CurrentPage;

}


Thanks for any advice you can offer.

Don Wieland
D W D a t a C o n c e p t s
~~~~~~~~~~~~~~~~~~~~~~~~~
donw@xxxxxxxxxxxxxxxxxx
Direct Line - (949) 305-2771

Integrated data solutions to fit your business needs.

Need assistance in dialing in your FileMaker solution? Check out our Developer Support Plan at:
http://www.dwdataconcepts.com/DevSup.html

Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro 9 or higher
http://www.appointment10.com

For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux