Good evening Stack members,
I have no experience with that im about to ask so it may be a totally stupid idea.
We have a few different pages that ask for different bits of information
On each form we have the post to the next page , then we have php code to collect the information from the previous page and fill in the next page - we have bits of code on the second page that rely on the first page to be filled in else they will just stay blank.
What we were wondering is .. is that any way for us to deny requests via the web if someone went to page2.php it redirected to page1.php or just said access denied but yet allowed access if our form posted information to page 2
I'm sorry if this is开发者_StackOverflow quite messy and i do agree if you rate me down but im just a beginner and trying to figure this out for myself , I understand a lot of you are quite knowledgeable and would be grateful for any information at all
Thanks
So basically to recap
Page 1 > User fils in information > pass > page2.php
User tries to enter page2.php into their browser url window >> denied >> redirect
on page 1 put a hidden value in the form,
<input type="hidden" id="page" name="page" value="1" />
on page 2
if($_POST['page'] !='1'){
header('Location: http://www.example.com/page1.php');
exit();
}
You could also use sessions
At the top of page1.php:
<?php
session_start();
$_SESSION['last_page'] = 1;
// your code
At the top of page2.php:
<?php
session_start();
if(! isset($_SESSION['last_page']) && $_SESSION['last_page'] == 1){
header('Location: http://domain.com/page1.php');
exit(0);
}
// if you have more pages increment the last_page count
$_SESSION['last_page']++;
// your code
You can check the REQUEST_METHOD variable to make sure the user came to the page via a POST request, like so
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
//Your code goes here
}
Or alternatively, check to see if they came by an alternate method (e.g. GET) and acct accordingly
if ($_SERVER['REQUEST_METHOD'] != 'POST')
{
//send the user back to page one
header('Location: page1.php');
//don't allow the script to continue
die('access denied!');
}
//Your code goes here
Yes, it is. You just need to store a variable (probably in the current $session
user array, or in a relative database table / file / whatever it happens to be) as a flag for the current $index
of that form proccess.
精彩评论