RE: [PHP] [posibleOT] Forcing entering te site thru index.php
The only other way I can think of doing this without sessions is to use $_SERVER['HTTP_REFERER'] to check if page request is coming from an existing page within your site or not. But I don't think this method will work 100% of times. Another approach would probably be to use single entry point controller model meaning, all pages are served by index.php. Still not sure as to how you can do this without sessions but you might want to look at frameworks like php.MVC or Fusebox that use the controller model http://www.phpmvc.net/ http://php-fusebox.sourceforge.net/ Hope this helps. -Original Message- From: Fernando M. Maresca [mailto:[EMAIL PROTECTED] Sent: Sunday, December 21, 2003 10:57 AM To: [EMAIL PROTECTED] Subject: [PHP] [posibleOT] Forcing entering te site thru index.php Hello everybody. Well, i'm trying to avoid access to the site for the middle. Say there is a initial page with a form and other pages that depends on this. Is there a way to force users access the site thru the initial form page, regardless of the url? Something like this: lynx http://mysite/forma2.php/ produce the browser to redirect to http://mysite/index.php/ Of course, the forma2.php must be served if its accesed after index.php. Thanks -- Fernando M. Maresca Cel: (54) 221 15 502 3938 Cel: 0221-15-502-3938 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
On Mon, Dec 22, 2003 at 01:09:37AM +0100, Andreas Magnusson wrote: : : You can use the Referer header found in $_SERVER['HTTP_REFERER'] to check : from which page the user comes from. Unfortunately, HTTP_REFERER is not guaranteed to exist. In fact, several Windoze firewall software actively block this information from being sent to the web server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
> > There are several ways to do this. The most obvious is with cookies. > > Set up your index.php to initially create a cookie that authorizes a > > user to look in the site. On the rest of your PHP pages, check that > > this authorization cookie exists. If not, redirect to index.php. > Thanks for the response. > No, this way don't do it: once the cookie is set up in the client's browser, there is no way for me to prevent the client to type the url pointing to another page, and the cookie will be valid on that page. > What i'm trying to do is to force the client to travel pages in the > order expected, forbidding him/her to access a page out of sequence, > wich take him to an error message (because, for example, for abscense of > POST data or something). > So i'm stuck. > Thenak you. You can use the Referer header found in $_SERVER['HTTP_REFERER'] to check from which page the user comes from. /Andreas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
> Not really. It depends on how you use your cookie. The cookie could be > some unique ID to some session-based system (whether you use PHP session > functions or not) that keeps a track of where the user is. So let's say > the user did the right thing, went to index.php, got a cookie, and went > to the next page (let's say forma1.php). Your session system notes that > the user is currently on forma1.php. But the same user gets distracted, > does not go through the form normally, leaves for a few hours, and then > tries to return but jump directly to forma2.php. Your session system > realizes that he's not supposed to be there, and kicks him out to > whereever you want him. You are right. I'm using $_SESSION vars to do this, but i don't like it because forces cookies enable in the client, and today many people disable cookies. In the other hand, $_POST vars are not very secure. i'm looking for a clean solution, and can't figure out how. So the question in first place would be: how you guys do it?. Nevermind, this is not big deal. The aproach i've take works, but you are experienced people and i'm not, and i'm very interested in the way you're using to solve problems like this ones. So thanks a lot. -- Fernando M. Maresca Cel: (54) 221 15 502 3938 Cel: 0221-15-502-3938 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
On Sun, Dec 21, 2003 at 04:11:36PM -0300, Fernando M. Maresca wrote: : On Sun, Dec 21, 2003 at 01:03:43PM -0600, Eugene Lee wrote: : > On Sun, Dec 21, 2003 at 03:57:24PM -0300, Fernando M. Maresca wrote: : > : : > : Well, i'm trying to avoid access to the site for the middle. Say : > : there is a initial page with a form and other pages that depends : > : on this. Is there a way to force users access the site thru the : > : initial form page, regardless of the url? : > : Something like this: : > : lynx http://mysite/forma2.php/ : > : produce the browser to redirect to : > : http://mysite/index.php/ : > : : > : Of course, the forma2.php must be served if its accesed after : > : index.php. : > : > There are several ways to do this. The most obvious is with cookies. : > Set up your index.php to initially create a cookie that authorizes a : > user to look in the site. On the rest of your PHP pages, check that : > this authorization cookie exists. If not, redirect to index.php. : : Thanks for the response. : No, this way don't do it: once the cookie is set up in the client's : browser, there is no way for me to prevent the client to type the url : pointing to another page, and the cookie will be valid on that page. : What i'm trying to do is to force the client to travel pages in the : order expected, forbidding him/her to access a page out of sequence, : wich take him to an error message (because, for example, for abscense : of POST data or something). : So i'm stuck. Not really. It depends on how you use your cookie. The cookie could be some unique ID to some session-based system (whether you use PHP session functions or not) that keeps a track of where the user is. So let's say the user did the right thing, went to index.php, got a cookie, and went to the next page (let's say forma1.php). Your session system notes that the user is currently on forma1.php. But the same user gets distracted, does not go through the form normally, leaves for a few hours, and then tries to return but jump directly to forma2.php. Your session system realizes that he's not supposed to be there, and kicks him out to whereever you want him. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
On Sun, Dec 21, 2003 at 01:16:58PM -0600, Website Managers.net wrote:
> Cookies are a possibility but not always functional. Many people have them shut off,
> or services like WebTV do not support them. Two other possibilities are seccions and
> POST variables.
>
> _SESSIONS_
> forma2.php
> if((!isset($_SESSION["username"]) || (!isset($_SESSION["password"])) {
> header("Location:index.php");
> }
>
> __ POST __
> // check to make sure username and password are entered and if so, they must match
> account
> if ((!$_POST["username"]) || (!$_POST["password"]) || ($_POST["username" !=
> "myuser") || ($_POST["password"] != "mypassword"])) {
> header("Location:index.php");
> }
Thanks, Jim.
Yes, i'm doing something like that: i'm propagating a string thru
$_SESSION that is set up in the first page and is valid until session
expires or init page is reloaded.
But i think that may be another (and better) way to do this, and can't
figure out how.
>
> Jim
> www.websitemanagers.net
Fernando M. Maresca
Cel: (54) 221 15 502 3938
Cel: 0221-15-502-3938
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
Cookies are a possibility but not always functional. Many people have them shut off,
or services like WebTV do not support them. Two other possibilities are seccions and
POST variables.
_SESSIONS_
forma2.php
if((!isset($_SESSION["username"]) || (!isset($_SESSION["password"])) {
header("Location:index.php");
}
__ POST __
// check to make sure username and password are entered and if so, they must match
account
if ((!$_POST["username"]) || (!$_POST["password"]) || ($_POST["username" != "myuser")
|| ($_POST["password"] != "mypassword"])) {
header("Location:index.php");
}
Jim
www.websitemanagers.net
- Original Message -
From: "Fernando M. Maresca" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, December 21, 2003 12:57 PM
Subject: [PHP] [posibleOT] Forcing entering te site thru index.php
| Hello everybody.
| Well, i'm trying to avoid access to the site for the middle. Say there
| is a initial page with a form and other pages that depends on this. Is
| there a way to force users access the site thru the initial form page,
| regardless of the url?
| Something like this:
| lynx http://mysite/forma2.php/
| produce the browser to redirect to
| http://mysite/index.php/
|
| Of course, the forma2.php must be served if its accesed after index.php.
| Thanks
|
| --
|
| Fernando M. Maresca
|
| Cel: (54) 221 15 502 3938
| Cel: 0221-15-502-3938
|
| --
| PHP General Mailing List (http://www.php.net/)
| To unsubscribe, visit: http://www.php.net/unsub.php
|
|
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
On Sun, Dec 21, 2003 at 01:03:43PM -0600, Eugene Lee wrote: > On Sun, Dec 21, 2003 at 03:57:24PM -0300, Fernando M. Maresca wrote: > : > : Well, i'm trying to avoid access to the site for the middle. Say there > : is a initial page with a form and other pages that depends on this. Is > : there a way to force users access the site thru the initial form page, > : regardless of the url? > : Something like this: > : lynx http://mysite/forma2.php/ > : produce the browser to redirect to > : http://mysite/index.php/ > : > : Of course, the forma2.php must be served if its accesed after index.php. > > There are several ways to do this. The most obvious is with cookies. > Set up your index.php to initially create a cookie that authorizes a > user to look in the site. On the rest of your PHP pages, check that > this authorization cookie exists. If not, redirect to index.php. Thanks for the response. No, this way don't do it: once the cookie is set up in the client's browser, there is no way for me to prevent the client to type the url pointing to another page, and the cookie will be valid on that page. What i'm trying to do is to force the client to travel pages in the order expected, forbidding him/her to access a page out of sequence, wich take him to an error message (because, for example, for abscense of POST data or something). So i'm stuck. Thenak you. > -- Fernando M. Maresca Cel: (54) 221 15 502 3938 Cel: 0221-15-502-3938 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] [posibleOT] Forcing entering te site thru index.php
On Sun, Dec 21, 2003 at 03:57:24PM -0300, Fernando M. Maresca wrote: : : Well, i'm trying to avoid access to the site for the middle. Say there : is a initial page with a form and other pages that depends on this. Is : there a way to force users access the site thru the initial form page, : regardless of the url? : Something like this: : lynx http://mysite/forma2.php/ : produce the browser to redirect to : http://mysite/index.php/ : : Of course, the forma2.php must be served if its accesed after index.php. There are several ways to do this. The most obvious is with cookies. Set up your index.php to initially create a cookie that authorizes a user to look in the site. On the rest of your PHP pages, check that this authorization cookie exists. If not, redirect to index.php. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
