-4

i want to make a page accessable only from a page that redirects to it. this page which redirects to this page is called /purchase.php and then this page redirects to a page which is called /username.php, i want THIS page to be accessable only from /purchase.php and not directly from a url.

Solution: For purchase.php:

<?php
session_start();
//Put this when the purchase is vailidated
$SESSION_['fromMain'] = "true";
//Then redirect
header ("Location: url.com/username.php");
?>

For username.php:

<?php
//Check if the browser comes from purchase php
if($_SESSION['fromMain'] == "false"){
//If not redirect to index page
header ("Location: url.com/index.php
} else {
$SESSION_['fromMain'] = "false";
{
?>
Tehtafara0
  • 25
  • 1
  • 11
  • Don't output anything to the browser from PHP, just HTTP redirect when it's done and the browser *shouldn't* cache it : you could have just used the site search function though : http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers/2068407#2068407 – CD001 May 22 '15 at 15:40

1 Answers1

1

As an additional measure (besides the comment already made by CD001) you could utilize the $_SERVER["HTTP_REFERER"] variable, which will be empty if the script is requested right from the browser interface.

Jaes
  • 36
  • 5
  • Very good answer, but see i want the website to work like this: index page when the user dones with purchase it redirects to a page which is getting the transaction id from the user and his email, then this redirects the user to a pages which has a form for the user to enter a username that he wants and then done. I want to make this website to not be accessable directly from the url but only from the page which is redirecting the user to it. – Tehtafara0 May 22 '15 at 17:13
  • It seems you are not only talking about preventing the pages being marked in the browser history, but also preventing the pages to be accessed in another sequence (in whatever way imaginable). I am not sure which pages you need to prevent the direct access to. If the sequence is a -> b -> c, it seems to me you want to prevent direct acces to b and c, right? Besides the http referer, you could also use post data, so if there is no post data you redirect to page a. Of course this doesn't prevent faking of post data. – Jaes May 22 '15 at 17:53
  • I don't have a problem with b i want to prevent access to c and to be only accessible from b – Tehtafara0 May 22 '15 at 18:01
  • It seems we are talking about multiple things here, caching of php output should be prevented by headers, normally web servers should automatically add the appropriate none caching headers for script requests. In addition to that, you probably need to add additional precautions to prevent someone trying to request b and c outside of your intended sequence. – Jaes May 22 '15 at 18:02
  • I tried to make b set a variable and then c checks if the variable is true but for some reason it didn't worked. – Tehtafara0 May 22 '15 at 18:04
  • In that case, depending how strong you need the security to be, you could use http referrer, post data, and a session cookie or normal cookie. Page b could set up a session var for page c for instance, which is a condition for page c, and deleted when page c is reached. And if the session var is not present, page c could redirect to a. Controlling the whole sequence just with session variables should be fine in my opinion. – Jaes May 22 '15 at 18:07
  • I found that 2 minutes later :) But thank you for trying to help me! – Tehtafara0 May 22 '15 at 18:09
  • No thanks, I suggest posting your solution, so it is of use to others who read this too. – Jaes May 22 '15 at 18:12