Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

How to block direct access to certain pages

4:13 am on Apr 8, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 12, 2009
posts: 137
votes: 0


I have few pages in my site to which I want to block direct access. For example. a visitor can only go to login page [login.php] when he has submitted the form available at index page [index.php].

I have two types of user in my site. In the index.php i ask the user to select the type of user they want to be.

To do this when the form is submitted in the index page, I am adding session value to the url. In the login page I am checking the session value from the url with current session value.

< INDEX.php page >

# Get current session values
$session = session_id();

if($radiobutton == 'c'){
}else if ($radiobutton == 'o'){

< LOGIN.php >

session_start(); // Start session

$user = $_REQUEST['user']; // Get user type
$session = $_REQUEST['session'];// Get session value

$current_session = session_id();// Get current session value

if (!$current_session = $session){

Is there any other better way to prevent user landing in the second page without being in the first page?

Thank you.
7:32 am on Apr 8, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
votes: 0

Hi there impact,

Just a quick note really, this:-

if (!$current_session = $session){

Your just assigning the value there (=) your not evaluating it ie:-

if ($current_session != $session){

That compares and if not equal to the first part of the clause is true.

I assume that elsewhere in the script, you are assigning the $_POST/$_GET and not using registered globals ?

3:33 pm on Apr 8, 2010 (gmt 0)


WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
votes: 0

let's cover one quickie

don't use $_REQUEST, test $_POST or $_GET, be specific about what you are testing, if something could come in both ways then test both explicitly instead of reverting to $_REQUEST, that includes a lot more than you think.

the login.php kinda makes my head implode, partially because of the REQUEST instead of GET but also if this works, which it actually might, I really don't think it is doing what you meant it to.

are you just trying to ensure they choose one of the types? if so then the session id really doesn't matter, drop the thought but you can put the selected value into the actual session and then test for it on the following page

$_SESSION['usertype'] = $radiobutton;

then on the next page

if ($_SESSION['usertype'] != 'o' || $_SESSION['usertype'] != 'c') {
// send them away, they haven't selected yet
} else {
// show them the proper content here

that's pretty much it
8:50 am on Apr 9, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 12, 2009
votes: 0

Thank you.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members