
PHP Server Side Scripting Forum

How to block direct access to certain pages

5+ Year Member

Msg#: 4111809 posted 4:13 am on Apr 8, 2010 (gmt 0)


I have a few pages in my site to which I want to block direct access. For example, a visitor can only go to the login page [login.php] when he has submitted the form available at the index page [index.php].

I have two types of user in my site. In the index.php I ask the user to select the type of user they want to be.

To do this when the form is submitted in the index page, I am adding session value to the url. In the login page I am checking the session value from the url with current session value.

< INDEX.php page >

# Get current session values
$session = session_id();

if($radiobutton == 'c'){
}else if ($radiobutton == 'o'){

< LOGIN.php >

session_start(); // Start session

$user = $_REQUEST['user']; // Get user type
$session = $_REQUEST['session'];// Get session value

$current_session = session_id();// Get current session value

if (!$current_session = $session){

Is there any other better way to prevent user landing in the second page without being in the first page?

Thank you.



WebmasterWorld Senior Member 5+ Year Member

Msg#: 4111809 posted 7:32 am on Apr 8, 2010 (gmt 0)

Hi there impact,

Just a quick note really, this:-

if (!$current_session = $session){

You're just assigning the value there (=), you're not evaluating it, i.e.:-

if ($current_session != $session){

That compares and if not equal to the first part of the clause is true.

I assume that elsewhere in the script, you are assigning the $_POST/$_GET and not using registered globals ?



WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

Msg#: 4111809 posted 3:33 pm on Apr 8, 2010 (gmt 0)

let's cover one quickie

don't use $_REQUEST, test $_POST or $_GET, be specific about what you are testing, if something could come in both ways then test both explicitly instead of reverting to $_REQUEST, that includes a lot more than you think.

the login.php kinda makes my head implode, partially because of the REQUEST instead of GET but also if this works, which it actually might, I really don't think it is doing what you meant it to.

are you just trying to ensure they choose one of the types? if so then the session id really doesn't matter, drop the thought but you can put the selected value into the actual session and then test for it on the following page

$_SESSION['usertype'] = $radiobutton;

then on the next page

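if (!isset($_SESSION['usertype']) || ($_SESSION['usertype'] != 'o' && $_SESSION['usertype'] != 'c')) {
// send them away, they haven't selected yet
// (the two comparisons are joined with &&: joined with ||, the test is true for every value)
} else {
// show them the proper content here
}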

that's pretty much it
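
The session-based check suggested in the reply above, as an added example that is not part of the original thread: the selection is accepted only from `$_POST`, checked against a whitelist, stored server-side, and the second page reads nothing from the URL. The function names, the form field name `radiobutton` and the redirect target are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The values 'c' and 'o' are the
// thread's two user types; all function names here are hypothetical.
const USER_TYPES = ['c', 'o'];

// index.php side: take the choice from POST only and accept whitelisted values.
function remember_user_type(array $post, array &$session): bool
{
    $choice = $post['radiobutton'] ?? null;      // assumed form field name
    if (!is_string($choice) || !in_array($choice, USER_TYPES, true)) {
        unset($session['usertype']);             // bad input clears any earlier choice
        return false;
    }
    $session['usertype'] = $choice;
    return true;
}

// login.php side: the gate trusts server-side session state only, never a
// URL parameter, and uses a strict whitelist test instead of chained != checks.
function selected_user_type(array $session): ?string
{
    $type = $session['usertype'] ?? null;
    return (is_string($type) && in_array($type, USER_TYPES, true)) ? $type : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs so the logic can be exercised offline.
    $session = [];
    var_dump(selected_user_type($session));                      // direct hit, nothing chosen
    var_dump(remember_user_type(['radiobutton' => 'x'], $session)); // value outside the whitelist
    var_dump(remember_user_type(['radiobutton' => 'o'], $session)); // valid choice
    var_dump(selected_user_type($session));
} else {
    // Wiring as it would sit at the top of login.php.
    session_start();
    $type = selected_user_type($_SESSION);
    if ($type === null) {
        header('Location: index.php', true, 303); // send them back to choose
        exit;                                     // stop, or the page below still renders
    }
    // ... render the login form for $type here ...
}
```

On index.php the matching call is `remember_user_type($_POST, $_SESSION)` after `session_start()`, followed by a redirect to login.php when it returns true.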


5+ Year Member

Msg#: 4111809 posted 8:50 am on Apr 9, 2010 (gmt 0)

Thank you.
