php navigation validation

How to check if the user has entered the page by clicking on the button and not from copy pasting the URL ?

For example, if a user has clicked on Register I want him/her to go to tha开发者_开发技巧t page only by clicking the Register button and not by copy pasting the link. Also, is it a good practice to give the page name on the address bar or should I have to hide the page. If I am hiding the page will I be able to do that ?

For example, if localhost/projname/register.php. I don't want people to see the register or login or about or anything on the address bar except localhost/projname.

Maybe check if he used $_POST, something like:

<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
// do ya thing
}
else
{
?>
<form action="index.php" method="post">
are you sure? <input type="submit" value="yes">
</form>
<?php
}
?>

You can use the HTTP_REFERER data of the $_SERVER reserved variable to see where did the user come from.

if(empty($_SERVER['HTTP_REFERER'])) {
    // if we are here, the user copy pasted the url.
}

As for your second question, you can't totally "hide the page" like you're suggesting. The web server must know which page to show, so the browser must know has well.

You can however obfuscate the page name. For example you can call the page "sfhjgdjkfg" so the user won't be able to know that this is the "registering" page. But I think it's really a bad idea, why in the first place want you to hide this ?

One method is to use $_SERVER['HTTP_REFERER'] to verify that they clicked a link from your site, but this method isn't fool-proof as many Firewall and Anti-virus suites will remove the Referrer information.

A better method would be to generate a temporary session token on the pages of your site, and check for that token when the Register page is opened.

If your form uses POST parameters, the browser will pass on some POST data. You could then check

if (empty($_POST)) {
   //didn't click the button, just went straight to the url
}else{
   //did click the button
}