Need to know if 3 things are possible in PHP.


#1

I’m working on an Invite script where one user who is a member of a community can invite 3 other users. I need this script to be very secure so I need to know a few things.

OK, I need to know if in PHP it is possible to restrict the use of right click, so people cannot view the source of the page. Also need to know if it’s possible to restrict the use of the back button; this script needs to be secure so I would rather not have users be able to go back and invite more users with the back button. As well, is it possible to restrict the ability to bookmark any of the pages in this site?

I figure this would probably be most easily done with an include line in each page for the script that would do all 3. I am wondering if someone would be able to point me in the right direction to figure this stuff out.


#2

I doubt you will be able to do any of these things in PHP as it’s server side and the things you are describing are client side. Restricting the right click can be accomplished using JavaScript, but I am not sure of the other two.

Either way, you should be looking at JavaScript to accomplish what you want and not PHP.

:)

#3

As carella stated, you should look into JavaScript for those types of things. Although, for the whole not wanting people to go back, there are ways of doing that with PHP. It would let them go back, but you could probably figure out some way of making it so that once they have viewed and submitted the results of the form, it wouldn’t let them do it again.


#4

Well, as the other users have suggested, it can be restricted by use of JavaScript. The problem is that the web (regardless of its dynamic capabilities) still presents HTML in a static way. You can limit me from right clicking; however, that does not limit me from going to the VIEW menu and clicking on VIEW SOURCE (or whatever your particular browser calls it). Even if you remove the menus (again with JavaScript), those who are savvy enough can still get to view the source. (For those who don’t know, I will not explain it here.) So the long and short of this answer is: Yes, you can restrict users from right clicking, but NO, you cannot (ultimately) restrict them from viewing the source of the Dynamically created Static page.

Again, this can be done with JavaScript. You must now start deleting HISTORY items. And again, to the technically savvy, there is always a way around this, not the least of which is to deny JavaScript from running in your browser.

This is probably the easiest one to achieve. In a roundabout way, it will help you with the History as well. Send all your data using a POST method. Then the data must be sent/requested each time the page is visited. In your code you can check various things to ensure it’s a fresh (so to speak) request (maybe by sessions and/or cookies) before offering up the page. If it’s not, then deny the request and redirect.
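
The server-side check that posts #3 and #4 describe, as an added example that is not part of the original thread: a single-use form token held in the session plus an invite counter kept on the server. The function names, the member id and the plain arrays standing in for `$_SESSION` and a database counter are assumptions.

```php
<?php
// Added example: all names below are hypothetical. Plain arrays stand in for
// $_SESSION and for a per-member invite counter kept in the database.
const MAX_INVITES = 3;

// Called when rendering the invite form; the token goes in a hidden field.
function issue_form_token(array &$session): string
{
    $session['invite_token'] = bin2hex(random_bytes(16));
    return $session['invite_token'];
}

// Called on POST. Anything other than 'sent' means: do nothing and redirect.
function handle_invite(array &$session, array &$inviteCounts, int $memberId, array $post): string
{
    $expected = $session['invite_token'] ?? null;
    unset($session['invite_token']); // single use: burn it before any other work
    $sent = $post['token'] ?? null;
    if (!is_string($expected) || !is_string($sent) || !hash_equals($expected, $sent)) {
        return 'stale'; // back button, refresh, or a request that never loaded the form
    }
    // The limit is checked against server-side state, never anything the browser holds.
    if (($inviteCounts[$memberId] ?? 0) >= MAX_INVITES) {
        return 'limit';
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid';
    }
    $inviteCounts[$memberId] = ($inviteCounts[$memberId] ?? 0) + 1;
    // ... store the invitation and send the e-mail here ...
    return 'sent';
}

// Constructed walk-through: member 42 submits, presses back and resubmits, then keeps going.
$session = [];
$counts = [];
$token = issue_form_token($session);
echo handle_invite($session, $counts, 42, ['token' => $token, 'email' => 'a@example.com']), "\n";
echo handle_invite($session, $counts, 42, ['token' => $token, 'email' => 'b@example.com']), "\n"; // replay
foreach (['b@example.com', 'c@example.com', 'd@example.com'] as $email) {
    $token = issue_form_token($session);
    echo handle_invite($session, $counts, 42, ['token' => $token, 'email' => $email]), "\n";
}
```

With a real database the counter check and increment should be one conditional `UPDATE`, so that concurrent requests cannot push a member past the limit.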


#5

Thanks a lot for the help guys, I actually made it real easy on myself by making the index of the site pop up the site in a popup window with no menu or buttons. Making it easy for me to restrict the access to the view source and back buttons, also added JavaScript to restrict the right click. The index page is also set so once the child popup window is opened it closes itself.


#6

Don’t be fooled into thinking you can block your HTML code from the user. Popup or not, menu or not, I can still view your HTML code if I want to and it’s not very difficult.

Don’t get me wrong, what you have done probably stops the casual looker from seeing it, but if someone really wants it, with very little effort it’s theirs for the taking.

About the only other way to prevent anyone from seeing the HTML code (or the bulk of it anyway) would be to use tools that would actually generate the output as an image (but obviously that’s not without its set of problems either).

As a final note, if your concern is blocking the PHP code, have no fear that that all stays server side.

Anyway… good luck.


#7

> As a final note, if your concern is blocking the PHP code *(from being viewed)*, have no fear that that all stays server side.

added that little italicized jiggy meself.

anywho, i thought i’d clarify a bit… since php is a server-side scripting language, that means that the client who is viewing a php page will see none of the php that is in your script - php outputs raw html, which is all that can be seen by a client if they view source. hence the name, client-side (typically associated with javascript) and server-side (mostly associated with php). client-side script is rendered by the user’s browser, server-side is rendered by the server and the server sends a page that is rendered client-side in html/javascript.