Re: Problem Blocking Access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




THANK YOU SO MUCH, you did not give me the code I needed but you did 
get me on the right road to solving the problem.......
-----------
<?php
session_start();
if(($_SERVER["HTTP_REFERER"]=="http://www.tossaround.com/index.php";) 
XOR ($_SERVER["HTTP_REFERER"]=="http://www.tossaround.com/index.php?
specialurl=my_account.php")){
	if($_SESSION["LOGIN"]==false){
	    $redirect=true;
    	$delay=5;
		$goto="sign_in.php";
		include("includes/header.php");
		echo("Sorry but you must be logged in first");
	}else{
		include("includes/header.php");
		echo("Welcome");
	};
	include("includes/footer.php");
}else{
	die("<script>window.location=\"index.php\"</script>");
};
------------
This prevents users from directly accessing the file unless they call 
the fill from the two URL which requires them to be within the index 
page.....ROCK ON!!!!

Thank you so much for your help.

--- In php-objects@xxxxxxxxxxxxxxx, Andrew John Young 
<andrewjohnyoung@xxxx> wrote:
> Peace!
> 
> Hi Jason,
> 
> let me get this straight... okay you have a home page with an IFRAME
> right? the home page is index.php and you initialized a 
session_start
> ( ) and I'm assuming you wrote a cookie .
> 
> okay if I'm still right, on the content pages you initialized a
> session_start() and checked for the existence of this cookie and if
> this cookie is not available your sent back to the home page right?
> 
> ok, since the home page starts the session you can then directly 
write
> the content page's url and access it directly. You don't want this 
to
> happen....
> 
> well, this is quite sticky since you don't employ a login 
procedure...
> at least with the login procedure you can initially destroy all 
cookie
> sessions first via session_unset() and session_destroy() then delay
> writting the cookie session after the user has logged in.
> 
> But you can check for referring pages, I think... have you tried 
using
> $_SERVER["HTTP_REFERER"]
> 
> if the referring page is'nt index.php then you can kick them back to
> the index page... anyway, experiment with it... and try downloading
> the PHP chm manual... it really helps especially the extended 
version.
> 
> 
> GOD BLESS!
> On Thu, 16 Dec 2004 13:06:36 -0000, Jason <jason@xxxx> wrote:
> > 
> > 
> > OK what I am trying to do is block users from accessing a page
> > directly.
> > 
> > I want them to only be able to view the page via the IFRAME and 
not
> > type in the URL and go to it directly.
> > 
> > I have a session started on all pages and if the index.php doesnt
> > start the session varible you can not access the page...it returns
> > them to the index.php.  Problem is, once the index.php has 
run...you
> > can then type the url in directly and go to the page.
> > 
> > Is there a way to stop this???
> > 
> > If you need more details just ask....
> > 
> > 
> > PHP Data object relational mapping generator - http://www.meta-
language.net/
> > Yahoo! Groups Links
> > 
> > 
> > 
> > 
> > 
> 
> 
> -- 
> Engr. Andrew John P. Young
> IT Consultant/RH Technician
> sn# 609003172208054
> "With God Everything IS POSSIBLE"





------------------------ Yahoo! Groups Sponsor --------------------~--> 
$4.98 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/Q7_YsB/neXJAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~-> 

PHP Data object relational mapping generator - http://www.meta-language.net/ 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-objects/

<*> To unsubscribe from this group, send an email to:
    php-objects-unsubscribe@xxxxxxxxxxxxxxx

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 




[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Soap]     [Kernel Newbies]     [Yosemite]     [Yosemite Campsites]

  Powered by Linux