开发者

Allow Form to go to page but dis-allow url based access

问答 作者:

Good evening Stack members,

I have no experience with that im about to ask so it may be a totally stupid idea.

We have a few different pages that ask for different bits of information

On each form we have the post to the next page , then we have php code to collect the information from the previous page and fill in the next page - we have bits of code on the second page that rely on the first page to be filled in else they will just stay blank.

What we were wondering is .. is that any way for us to deny requests via the web if someone went to page2.php it redirected to page1.php or just said access denied but yet allowed access if our form posted information to page 2

I'm sorry if this is开发者_StackOverflow quite messy and i do agree if you rate me down but im just a beginner and trying to figure this out for myself , I understand a lot of you are quite knowledgeable and would be grateful for any information at all

Thanks

So basically to recap

Page 1 > User fils in information > pass > page2.php

User tries to enter page2.php into their browser url window >> denied >> redirect

on page 1 put a hidden value in the form,

<input type="hidden" id="page" name="page" value="1" />

on page 2

    if($_POST['page'] !='1'){
    header('Location: http://www.example.com/page1.php');
    exit();
    }

You could also use sessions

At the top of page1.php:

<?php
session_start();
$_SESSION['last_page'] = 1;

// your code

At the top of page2.php:

<?php
session_start();
if(! isset($_SESSION['last_page']) && $_SESSION['last_page'] == 1){
    header('Location: http://domain.com/page1.php');
    exit(0);
}

// if you have more pages increment the last_page count
$_SESSION['last_page']++;

// your code

You can check the REQUEST_METHOD variable to make sure the user came to the page via a POST request, like so

if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    //Your code goes here
}

Or alternatively, check to see if they came by an alternate method (e.g. GET) and acct accordingly

if ($_SERVER['REQUEST_METHOD'] != 'POST')
{
    //send the user back to page one
    header('Location: page1.php');

    //don't allow the script to continue
    die('access denied!');
}

//Your code goes here

Yes, it is. You just need to store a variable (probably in the current $session user array, or in a relative database table / file / whatever it happens to be) as a flag for the current $index of that form proccess.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9