Menu
I have a website running in PHP and I have a page (say confirm.php)
And I only want to allow the users who land to confirm.php comes from a page that I specified (e.g. say register.php), may I know is it possible to achieve this?
Regards, Andy.
645
You can not rely on the HTTP REFERER because users can manipulate it and browsers can refuse to send it.
The only "secure" way would be to set a session variable on register.php and check if that variable is set on confirm.php. Something like this:
register.php:
session_start();
$_SESSION['valid_user'] = true;
confirm.php:
session_start();
if(!isset($_SESSION['valid_user'])) {
die("You did not come from the page i specified!");
}
However, this will not take into account if the latest page was register.php, BUT that the user have been on register.php.
Because HTTP is stateless, you need to keep track of this at the server level. If you don't have a authenticated user for which you can track all pageviews, this is going to be very hard to implement. How secure do you really need it to be?
128
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
