THANK YOU SO MUCH, you did not give me the code I needed but you did get me on the right road to solving the problem....... ----------- <?php session_start(); if(($_SERVER["HTTP_REFERER"]=="http://www.tossaround.com/index.php";) XOR ($_SERVER["HTTP_REFERER"]=="http://www.tossaround.com/index.php? specialurl=my_account.php")){ if($_SESSION["LOGIN"]==false){ $redirect=true; $delay=5; $goto="sign_in.php"; include("includes/header.php"); echo("Sorry but you must be logged in first"); }else{ include("includes/header.php"); echo("Welcome"); }; include("includes/footer.php"); }else{ die("<script>window.location=\"index.php\"</script>"); }; ------------ This prevents users from directly accessing the file unless they call the fill from the two URL which requires them to be within the index page.....ROCK ON!!!! Thank you so much for your help. --- In php-objects@xxxxxxxxxxxxxxx, Andrew John Young <andrewjohnyoung@xxxx> wrote: > Peace! > > Hi Jason, > > let me get this straight... okay you have a home page with an IFRAME > right? the home page is index.php and you initialized a session_start > ( ) and I'm assuming you wrote a cookie . > > okay if I'm still right, on the content pages you initialized a > session_start() and checked for the existence of this cookie and if > this cookie is not available your sent back to the home page right? > > ok, since the home page starts the session you can then directly write > the content page's url and access it directly. You don't want this to > happen.... > > well, this is quite sticky since you don't employ a login procedure... > at least with the login procedure you can initially destroy all cookie > sessions first via session_unset() and session_destroy() then delay > writting the cookie session after the user has logged in. > > But you can check for referring pages, I think... have you tried using > $_SERVER["HTTP_REFERER"] > > if the referring page is'nt index.php then you can kick them back to > the index page... anyway, experiment with it... and try downloading > the PHP chm manual... it really helps especially the extended version. > > > GOD BLESS! > On Thu, 16 Dec 2004 13:06:36 -0000, Jason <jason@xxxx> wrote: > > > > > > OK what I am trying to do is block users from accessing a page > > directly. > > > > I want them to only be able to view the page via the IFRAME and not > > type in the URL and go to it directly. > > > > I have a session started on all pages and if the index.php doesnt > > start the session varible you can not access the page...it returns > > them to the index.php. Problem is, once the index.php has run...you > > can then type the url in directly and go to the page. > > > > Is there a way to stop this??? > > > > If you need more details just ask.... > > > > > > PHP Data object relational mapping generator - http://www.meta- language.net/ > > Yahoo! Groups Links > > > > > > > > > > > > > -- > Engr. Andrew John P. Young > IT Consultant/RH Technician > sn# 609003172208054 > "With God Everything IS POSSIBLE" ------------------------ Yahoo! Groups Sponsor --------------------~--> $4.98 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/Q7_YsB/neXJAA/yQLSAA/saFolB/TM --------------------------------------------------------------------~-> PHP Data object relational mapping generator - http://www.meta-language.net/ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/php-objects/ <*> To unsubscribe from this group, send an email to: php-objects-unsubscribe@xxxxxxxxxxxxxxx <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
