4 Replies - 9821 Views - Last Post: 20 May 2011 - 02:56 PM Rate Topic: -----

#1 flip4life   User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 50
  • Joined: 29-April 11

How to make a page not accessible directly

Posted 20 May 2011 - 02:27 PM

Is there a simple PHP code or something that can make it so a webpage ex. "quote_error.php" is not accessible directly ( when putting this in url: http://www.website.com/quote_error.php - it returns "page is not accessible directly") unless the user is redirected to that page from quote.php? Or does this begin an extremely complicated phase?

I have seen it numerous times, for example, this webpage: "http://www.franksbasements.com/contact_script.php" you get the result - "Forbidden - You are not authorized to view this page." unless directed there from submitting a form.

Thanks for the help!

Is This A Good Question/Topic? 0
  • +

Replies To: How to make a page not accessible directly

#2 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3796
  • View blog
  • Posts: 13,742
  • Joined: 08-August 08

Re: How to make a page not accessible directly

Posted 20 May 2011 - 02:48 PM

You could set a session variable in the first page and then check its value in the second. You might even place a hashed version of that variable in the link to the second, giving you a couple of ways to verify that they've reached the second through a link.
Was This Post Helpful? 0
  • +
  • -

#3 Dormilich   User is offline

  • 痛覚残留
  • member icon

Reputation: 4208
  • View blog
  • Posts: 13,283
  • Joined: 08-June 10

Re: How to make a page not accessible directly

Posted 20 May 2011 - 02:49 PM

the most simple way is including the file in another page.

you can even go as far as making one single page (a so-called bootstrap file) the entry point for all pages.
Was This Post Helpful? 0
  • +
  • -

#4 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5239
  • View blog
  • Posts: 14,035
  • Joined: 18-April 07

Re: How to make a page not accessible directly

Posted 20 May 2011 - 02:49 PM

There are a couple ways to do something like this...

1) In PHP you can check $_SERVER["HTTP_REFERRER"] which will tell your script which page sent them to the forbidden page. This is set by the user agent so may not be 100% reliable.

2) You can use a session and on the page right before you reach the forbidden page you can set a session variable which then you test on the forbidden page. If it is not set, they didn't pass "through" the other page.

3) If the page you don't want them to visit is primarily a code page, you could just check if the realpath of __FILE__ is equal to the realpath of $_SERVER['SCRIPT_FILENAME'] which will essentially tell you if the file has been included inside another page or the person is trying to run the script directly.

So it depends on what exactly you want to do. :)
Was This Post Helpful? 0
  • +
  • -

#5 flip4life   User is offline

  • D.I.C Head

Reputation: -2
  • View blog
  • Posts: 50
  • Joined: 29-April 11

Re: How to make a page not accessible directly

Posted 20 May 2011 - 02:56 PM

Well, I currently have the second page start with a

<?php session_start();


and it just spits out the same form that was on the previous page, putting all of the information they put on the previous page.

The previous page (quote.php) is not entirely PHP though, it is all HTML except the form, which is php, so I would have to set an identity to the form rather than the "quote.php" page? or can i just set a <?php session_start(); ?> to the top of the quote page and tell the second page to not do anything unless it was at least accessed from quote.php?

I primarily made this page so it checks the captcha to verify it is correct and if so, it sends the email. If the code is not correct, as you can see below, It just stays on the page (which is what I want, so they can retry the capcha)

if(($_POST['check']) == $_SESSION['check']) { 
echo"<script>window.location = 'thankyou.php'</script>";
}else{ 
echo"";  
die();      
}



So with the first "if" function, I would also add code that pretty much makes it terminate the page unless it has been accessed from quote.php or better yet, from the actually form submit button being clicked?

So this would be going through the second method that Martyr2 posted i'm assuming?

This post has been edited by flip4life: 20 May 2011 - 03:04 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1