Previous Page Referrer Help

WorkinClassPeon

Hello Everyone,

I would like to alter the following code, so that instead of checking the referrer for the domain name, it checks to see if the user came from a specified previous page. In other words, I don't want the user to be able to access the current page, unless they came from a specific previous page. I imagine that I have to use some kind of "$previous_page" variable, but being new to PHP, I don't quite know how to set it up.

<?php

require('forums.php');

$url = parse_url($_SERVER['HTTP_REFERER']);
$host = explode('.', $url['host']);
$domain = $host[count($host)-2].'.'.$host[count($host)-1];
if (! in_array($domain, array('mysite.org'))) {
die('Please enter our site the proper way! Thanks!');
}else{
echo "";
}

Thanks a lot to whoever responds,

WorkinClassPeon

Houdini

Well one way would be kind of along these lines:

<?php
header("location:pagetwo.php?page=first");
?>

then pagetwo.php

<?php 
if($_GET[page]=="first")
echo "You came from page one";
 ?>

WorkinClassPeon

Hello Houdini,

Thanks for your reply. Should I assume that you work magic with PHP? 🙂

I am a bit confused by your response. Are you saying that the following code must be placed at the top of the first page, that is, the page that they are coming from?

<?php
header("location:pagetwo.php?page=first");
?>

And that the following code should be placed at the top of the page that they are going to?

<?php
if($_GET[page]=="first")
echo "You came from page one";
?>

Also, I want the code to inform them that they have entered the page illegally, if they haven't entered it by the previous specified page, so would this work?

<?php
if($_GET[page]=="first")
die('Please enter our site the proper way! Thanks!');
}else{
echo "";
}

Wouldn't the above code send them the die message if they didn't enter legally, and the contents of the page, if they did enter legally?

Thanks again...and please remember, that I am very new at this.

WCP

Houdini

Hmm no what I gave was just an example you could use session variables or even post variables to achieve what it is you want. As real code you would set up one page with a variable passed through a session or with the URL with something like

<a href='http:yoursite/nextpage.php?from=index>Next</a>

What this line of code does is make a link with a variable passed through the URL and you would access the value of it either with $GET['from'] or $REQUEST['from'] and either of these tow conditions would show that from has the value of index so you might just want to add to or rewrite your code to pass a variable from one page to another, the simple example that I gave just show a snippet of how it could be done.

WorkinClassPeon

Hello Again,

Well, I said that I was new at this, and I meant it. 🙂 In short, you are talking over my head, so let's simplify this.

Let's suppose that I have a page called "pageone.html", and a second page called "pagetwo.html". I don't want the user to be able to access "pagetwo.html" unless they are coming directly from "pageone.html". If they are in fact coming directly from "pageone.html", then the full contents of "pagetwo.html" will be displayed for them. If they are not coming directly from "pageone.html", then they will get the message "Please enter this page by the proper way! Thanks!".

So, can you please provide me with the exact code that you personally would use to accomplish the above? When I posted my original question, I was really hoping for a "copy and paste" solution. I think it is easier for PHP newbies like myself to learn by seeing actual code examples, and seeing exactly how they are written...and then we can learn to modify them, as needed.

Thanks again,

WCP

Houdini

I show simple examples of how to achieve things so in this case lets look at one.
call this anything you want as long as it has a .php extension

<?php
//making it work
?>
<center><h2>This is the fantastic first page of the superduper site.</h2></center><br />
To make this work you must first be on page one then you can go on since this is a members only site.<br />
So to continue then you will have to click this link right <a href='two.php?go=no'>Here</a>

Now make this script two.php

<?php 
if($_GET[go]=="no"){
echo "You came from the index page properly! <br /><center><h3>Welcome to the site you may now proceed!</h3></center>";
}
else{
  echo "You have entered this page illegaly and your IP address is recorded and will be banned!";
  exit;
}
 ?>

If you run two.php by itself it will execute the else statement because the $_GET array variable was not set.

Now before I get into trouble for sloppy and insecure code then use the below in place of the above:

<?php
session_start();
$_SESSION['auth']="yes";
//making it work better
?>
<center><h2>This is the fantastic first page of the superduper site.</h2></center><br />
To make this work you must first be on page one then you can go on since this is a members only site.<br />
So to continue then you will have to click this link right <a href='two.php?go=no'>Here</a>

and the two.php

<?php 
session_start();
if($_GET[go]=="no" && $_SESSION['auth']=='yes'){
echo "You came from the index page properly! <br /><center><h3>Welcome to the site you may now proceed!</h3></center>";
}
else{
  echo "<h2>Hacking attempt!</h2>You have entered this page illegaly and your IP address is recorded and will be banned!";
  exit;
}
 ?>

WorkinClassPeon

Hello Again Houdini,

I just logged on here a few minutes ago to thank you for the code. It is simple enough, and it works fine with one slight modification. However, then I saw that you had edited your message and updated the code in order to make it more secure.

Well, I tried the second code, and the server is throwing me an error message now. Below is the error message.

Note: I'm sorry, but being as this is a public forum, and we don't know who visits here, I have to leave out the actual paths, as this project I am working on is aimed at slowing down those who abuse email forms, contact us forms, referral forms, etc., if you know what I mean. There is no need to give them the heads up on our attempts to get ahead of their game.

Anyway, when I click on the link on the first page, I get this error, and it won't display the second page:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /...../........./___php:121) in /......./...../........./__.php on line 5

I imagine that this won't give you enough information to figure out what is going on, but I can tell you that line 121 is at the very end of the .php document, right after </body></html>. There is nothing after that on line 121.

How unsafe is the first version of your code?

Also, exactly what does go='no' mean? Does it have to be that word "no", or can I put any word there that I want, just as long as it is the same on both pages?

Thanks again,

WCP

Houdini

A session_start() needs to be called before any output of any kind, this is why it is normally placed at the beginning of the script. If you moved the session_start() somwhere that it should not be then put it back to the top of the script, or show what you now have.

The second code is more secure because if someone bookmars or makes a favorite of your url the page will show as http://yourhost.com/two.php?go=no So anyone can get to the two.php by manipulating the URL so in the second code I added a second variable a SESSION variable named auth, so unless the session variable and the $_GET variable are both set then it is a breach.

the stuff after the ? in a URL that is passing a variable and valuethe first part is the variable go and the second part is the value assigned to go which is no, and it could be anything you choose. So if you wrote two.php?go=test then on the next page to test for the value of go you would check $_GET['go'] and find that that value is 'test' or if it is not do something different in the script. If someone tried to manipulate your script by passing their own variable values then you need to check if this is the case. You might want to how your new code to see what is causing the error.

Also, exactly what does go='no' mean? Does it have to be that word "no", or can I put any word there that I want, just as long as it is the same on both pages?