No direct linking code?

General PHP Help
#1

Hello,

Im a newbie in php. I need a code to not allow users to go directly to a link. Im not talking about hotlink protection through my cpanel. But what I want to have is: users have to go to a “first page”, before they can access the “actual page”. For example, the link I want to protect is: link.php. I want it so that they always have to pass through pass.php before they can go to link.php. When they go directly to link.php (by either entering the url or clicking a link of that page), they would be redirected to pass.php. How can I do this?

I know there’s a code for this that I have used before. But I forgot how to do it.

Please help.

#2

Not sure if our other members can think of a more simple approach, but the first thing off the top of my head is to create a session when the user hits the site, if the page they start on is not the page you want them to start on, do a header refresh to the page you want.

#3

Well, there are many many ways to secure your site’s pages. We could make many suggestions, but, scottlpool’s suggestion is the simplest and easy and fast to implement.

So, first, to explain session variables, they are basically, just a PHP variable. But, they can be passed from page to page. In normal PHP, you create a variable by assigning a value to them. Like $var_name=“value”;
This is simple and everyone understands it. Now, a “SESSION” variable is slightly different. On every page that uses them, you start a browser session. This session runs into every page that this current page calls. On each page, you tell it to use the session. Then, the variables are used with this assignment $_SESSION[“var_name”]=“value”; This allows you to pass variables from page to page.

How does this help you? Well, when a user logs in, you show a login page. You do not care who sees that page and so it does not need to be secured. Your login page calls your PHP script and if they pass validation of the passwords, you start a session and set a value to say they are okay. Then, every page on the site has code at the beginning of the code that checks for this session variable. If not valid, it goes to a NOT-ALLOWED-ACCESS page. Easy to do.

So, step by step…

At the top of EVERY page add this:
[php]

<?PHP session_start(); ?>

[/php]
You can add the one line to your existing PHP code, but, it MUST be the first command on every page in your PHP sections of code.

Next, in your code where you validate the user’s ID and password, if they pass, you assign a session variable. BEFORE the testing you set this session variable to null to make sure it is not passed to the other pages without being check first. Something like this:
[php]

<?PHP // Before testing the user ID and password $_SESSION["user_logged_in"] = ""; // If the user ID/password check is valid, add this just before redirection to the user's page $_SESSION["user_logged_in"] = "yes"; ?>

[/php]
Note: I made up the variable names and values, pick your own…

Now, that session variable stays active until you time out your page or close the browser.
So, all following pages have it to use. So, after your log in page sends the user to the link.php page, or where you want them to be, the frist part of that page tests to see if they are logged in. Like:
[php]

<?PHP if ( $_SESSION["user_logged_in"] != "yes" ) { header("Location: noaccess.html"); } ?>

[/php]
Note: what this does is if the user is NOT logged in, it sends the user to another page I called noaccess.html. In that page, you would have a warning that they are not allowed here. And, maybe give them a link back to the login page.

What all this will do is lock people out of the link.php page. If you go to that page directly, then the session variable “user_logged_in” would NOT be set and therefore would then ship you off to the no-access warning page.

Hope that all makes sense. Good luck…

#4

I need a simpler code, which does not require a login… Im thinking maybe it’s not php that I’m thinking of… Maybe javascript or something else?

#5

I just showed you the simplest code to secure your site.

There is no simple way with Javascript as it is CLIENT-SIDE only.
So, it is viewable by all users. Anyone can RIGHT-CLICK on ANY site and select VIEW-SOURCE
and see all of the Javascript on the page. They can see how you protected the page and just
go around the code. PHP on the other hand is totally SERVER-SIDE code! You can NOT see any
of that code from the client-side. (Which means from the browser.)

So you said you wanted to secure the link.php page. You could write something out to a text
file in the first page and then read that file in the second file, but, that is not secure. Any user
could just type in your URL of the link.php page and bypass everything.

What this means is if you have www.yoursite.com and you have it default to a page named pass.php,
and depending on what is done on that page to go to the link.php page. That means anyone looking
at your site, could figure out to type in www.yoursite.com/pass.php and go to that page bypassing
your security. But, with session variables, this would not be able to happen.

So, why would you want to secure it with something not secure? You are the one that is a “newbie”
at PHP, but, want to use PHP and I told you an extremely simple way to secure the pages. Why not
use it? Perhaps I am not clear on what you really want to do?

#6

I didnt need it to be so secured… Well, I did some googling and found out what I need:

<?php session_start(); $_SESSION['valid'] = "yes"; echo "Page 1"; ?>

page2.php has this script:

<?php session_start(); if ($_SESSION['valid'] != "yes") header("Location: page1.php"); echo "Page 2"; ?>
#7

You got your solution in the first reply to the thread. I have a rule as to not write entire code out for people and rather they get an answer, give it a go and ask for help if they run into trouble,

#8

That is EXACTLY what I told you.

#9

Oh yeah lol. The “logged in” words scared me haha.

#10

Glad it is working for you…

Sponsor our Newsletter | Privacy Policy | Terms of Service