How to check where user came from...

Anon

This is a real pain for me...

Firstly, I cannot use HTTP_REFERER because it isn't always set!

Secondly, I want to check that the user has arrived at my PHP page on the main site server from a different (secure) server which has just authorised a credit card transaction.

The idea is to stop people from being able to directly access my PHP page without first going through the credit card bit.

Big problem #1
The secure server does not have PHP!

Big problem #2
A "hidden" field is just not secure enough

Any ideas gratefully received!!

Anon

Sorted it in the end myself...

For those who may be interested this is what I did:

Before going to the secure server, store the users IP address in the database
Authorise credit card as usual
On return to non-secure pages, check that IP address is in the database. If not, redirect back to the secure server. If it is, delete it from the database and continue as normal.

I hope no one can spot a flaw in this because I can't see any other way around it!

Anon

Maybe a timeout feature and what about proxy servers?

Are you sure you have the clients IP address and not their proxy server.

Regards
Darren
http://www.php4hosting.com/