I want to restrict direct access to my website by entering url directly in browser in php.
Actually i search many more, all are saying use .htaccess file
but i want to restrict only those user which are entering that url directly in browser
Example:
my website having directory "payment" which is used for payment process.
when any user does shopping then my website automatically will go to that directory for payment process but if any one enters that same url in browser i want to restrict that and redirect it to home page
please help me
Thanx
You have to use a variable to say your user has the right to enter a part of your website.
For example : $_SESSION['access_page']['payment'] = true;
Then, you check this variable when a user loads a page and redirect him if necessary (or 403).
Related
I am using php and I have a "login-page.php" where a user enters a User Name and Password. After a successful login the user is redirected to the "user-page.php". Within the "user-page.php" there are links to pdf files. The problem is that if someone attempts to enter directly the url link i.e. https://www.sitename.com/filefolder/filename.pdf then the pdf file is accessible. I am looking for a way to prevent that, such that any attempt to enter a direct url link to be redirected to the "login-page.php".
Hello! I am trying to put together a landing page that will allow individuals to visit, enter an access code, and be redirected to a directory that corresponds to the access code. For example, access code is 12345, user is redirected to example.com/12345 upon submit. We will be using direct links for the most part, but in the event that someone hits a 404 or try to visit the root directory, we want to have an interface for returning to the project / an alternative way for people to access the page.
What might be the best way to redirect a user after they enter the access code in the form?
Thanks for your advice!
It's really hard to say what the 'best' solution would be as it's open to interpretation. Here's what I would do.
Instead of routing to a specific page, I would route them to a controller that includes the code and/or content from the user directory. This will allow you to secure any contents of the user directories through server configurations, and give you better programmatic control of what happens when something goes wrong.
The user key should be set to a session key but if you don't want to do that, you could set it to a POST or GET parameter just as easily.
if(array_key_exists("user",$_SESSION)){
include_once("/".$_SESSION['user'].".php");
//use the included file if it won't automatically run itself
}
else{
echo "error - missing user key";
}
I have a php file which takes in a path and file name and opens a page. Users are able to enter the path and file name directly in the url rather than navigating through the main menu page. Users also are able to change parameters in the url and view other text files which he is not supposed to view. I need to prevent users from changing the url and entering the page directly.
Can anyone help me with a way to avoid users from entering the page directly changing the parameters the url.
You can't control what resources users request.
Solve the real problem instead:
Users also are able to change parameters in the url and view other text files which he is not supposed to view
Authenticate the user so you know who they are
Authorise the user so you know if they are allowed to view the file they are asking for
Give them an error message if they are not
You can encode the parameters of the url.
Instead of having var1=a&var2=b, you can have something like var=thhr6tghfdgfe56
Your users wont be able to guess the encoded format and they will be forced to use your page/menu.
Keep track of which user id tries to access an illegal encoded url - block him after X tries.
You can use the $_SERVER['HTTP_REFERER'] server variable which
referred the user agent of the current page. This is to check
whether the user navigate from your website or directly hit the URL.
You can't control the users to change the request parameters.
Hope this will help you.
I have the following url,
www.example.com/home.php and
www.example.com/login.php
When ever I redirect to anyof these pages from php , the url of the browser should remain www.example.com.
I have tried,but I could not do anything due to lack of knowledge in mod_rewite.
Please help, thanks in advance
If you want to keep the page after login, to the same URL when the user was not login (we assume www.example.com), that's easy:
in www.example.com it loads the index.php, so we should change index.php's content.
It has this content when the user who is not logged in, first visit it:
include("htmls/index.html"); // index.html could contain whatever you like
But you add this condition, the above line is inside a condition:
if(isset($_POST['form-submit']))
{
// do the login process and if success
include("htmls/index_loggedin.html");
}
else if(is_user_logged_in()===true)
{
include("htmls/index_loggedin.html"); //
}
else
{
include("htmls/index.html"); // means the user has not submitted anything and is also not logged in
}
The above code says that if the user has logged in, process his/her login and then include
a view which is for logged in users, also if the user is already logged, also shows him/her the view which is for logged in users, otherwise, if the user is not logged, nor has sent no request of loggin in, then show him a basic view for unlogged users. I have assumed the submit button of your form is named "form-submit".
However the above naming is just for sake of clarity. For instance, you can combine index.html and index_loggedin.html into one view_index.php and then also duplicate the conditions of the main index.php to also the view_index.php.
A last note is that, you should separate the code and the view as fully as possible.
You can't do that with mod_rewrite. How should Apache know if you want home.php or login.php? You probably want to use AJAX to load the files in the background and then display the content.
You should use iframe html tag in page layout for the url of the browser remain www.example.com, when user navigates between pages. not redirect nor rewrite are not suitable for these purposes.
I'm writing a php program that redirects user to a page.(something like link shortener)
I want count pages visits without using mysql or etc. so I chose to work with a page counter service like histats but to make these services to work webpage has to be opened by user and a jsp or embeded flash has to be runned in user browser. but my program redirects user to another page that doesn't belongs to me and page on my domain wont be opened!
is there any way to make these counters to work?
You cannot normally force the user to call the counter URL. Especially when you redirect the client via http. You may save the hits in a plain file or any other database.
You should also know that the user maybe blocks the counter with an adblocker when you use a please wait for redirection message. Instat of redirect directly.