In my page, I'm using a javascript function
<script>
function redirect(){
window.location="hurray.php";
}
</script>
Calling the function from the line below.
<input id="开发者_JAVA百科search_box" name="textbox" type="text" size="50" maxlength="100" onkeypress="redirect()" />
Now I want to make it sure that the page 'hurray.php' is visited only from this action. If I typed the direct URL to 'hurray' page, I should not be able to visit this page, rather redirect it to this previous page.
Make an AJAX call to a PHP function that will set a variable in the session. When the AJAX call returns response redirect the user to this page and check for the session variable. You can delete it if you do not want the user to be able to visit it again for this session.
You cannot do this using javascript alone, I don't think.
You need to intercept this on the server and handle it accordingly.
Your probably going to need a token to be sent along with the redirect, you can then validate this token server side and allow the redirect to complete or do some other action if the user has been sent there in error or by typing in the URL directly.
Why are you wanting to do this in the example you give? Surely this would lead the user away from the search form and to another page?
Extend your function so it sets a cookie via "document.cookie", then check via JS ,PHP or whatever on the target page if the cookie is set and redirect somewhere else if not, quite simple. Of Course thats not really secure!
Does your example contain real code, or have you just included someething that's made up to make the question simpler to ask?
It seems a strange thing to do - providing the user with a search box and then, as soon as they start typing, redirect them to another page.
If you are doing a search, and you only want the earch page to be triggered from a form, rather than by the user typing in the URL, then consider setting the form method to 'POST' and checking for this on the search page. If the method is 'GET', then the URL was typed manually, and you can redirect back to the original page.
Admittedly, this technically violates the recommendations for the use of 'POST', which should only be for operations that change information, rather than 'GET' which should be used when asking for information. However, this is one occasion where this might be excusable.
Another approach that you could use is to generate a unique key of some kind, and store this in a hidden field of the form, the check for this before deciding whether to redirect to the original page. This would require some kind of reliable key generation scheme, making it slightly trickier, but not impossible.
精彩评论