how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

NotGiven · NotGiven

I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Many thanks

Tom Thackrey · Tom Thackrey

On 19-Nov-2003, "NotGiven" <noname@nonegiven.net> wrote:

> I have a web page where certain pages have to be opened in a certain order
> and should only be available when the user openes them in HTTPS.
>
> They are all forms and the form action sends you to the next https:// page
> but you can also take the S out of https:// and it opens also. That's
> what
> I need to avoid as well as making certain they got to a certain page FROM
> a
> certain page.
>
> When I try:
> if (isset($_SERVER['HTTPS']!='on'))
> it crashes and is not even listed on php.net as a valid variable.

Either hide something in a field on the page that you check in the next page
(if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
[url]www.creative-light.com[/url]
tom (at) creative (dash) light (dot) com
do NOT send email to [email]jamesbutler@willglen.net[/email] (it's reserved for spammers)

Eric Kincl · Eric Kincl

Tom Thackrey wrote:

>
> On 19-Nov-2003, "NotGiven" <noname@nonegiven.net> wrote:
>

>> I have a web page where certain pages have to be opened in a certain
>> order and should only be available when the user openes them in HTTPS.
>>
>> They are all forms and the form action sends you to the next https://
>> page
>> but you can also take the S out of https:// and it opens also. That's
>> what
>> I need to avoid as well as making certain they got to a certain page FROM
>> a
>> certain page.
>>
>> When I try:
>> if (isset($_SERVER['HTTPS']!='on'))
>> it crashes and is not even listed on php.net as a valid variable.

>
> Either hide something in a field on the page that you check in the next
> page (if your hidden field isn't in the $_POST array you know the user
> didn't come from that page) or use sessions.
>

You could do it with sessions.

on the first page: (start the sessions and all that good stuff)
$_SESSION['pageone'] = true

on page two:
if($_SESSION['pageone'] == true){
$_SESSION['pagetwo'] = true;
pagetwostuff();
}
else{
echo "Please visit page one first!";
echo "<a href="pageone">page one</a>";
}

continue if you have page 3, etc...
if($_SESSION['pageone'] == true && $_SESSION['pagetwo'] == true)

if you have lots of pages in sequence, you may want to figure out a way to
do this with an array instead of individual arrays. ie:
pages[0] == true; // visited page one
pages[1] == true; // visited page two
pages[2] == false; // didnt visit page three/on page 3 perhaps?
pages[3] == false; // didnt visit page four

Good Luck!

-Eric Kincl

Thi Nguyen · Thi Nguyen

You could also look into the referer and see whether it came from
[url]https://yourdomain.com/page1.php[/url] or not, etc etc

"Tom Thackrey" <use.signature@nospam.com> wrote in message
news:vuOub.32665$Hl4.15862@newssvr25.news.prodigy. com...

>
> On 19-Nov-2003, "NotGiven" <noname@nonegiven.net> wrote:
>

> > I have a web page where certain pages have to be opened in a certain

order

> > and should only be available when the user openes them in HTTPS.
> >
> > They are all forms and the form action sends you to the next https://

page

> > but you can also take the S out of https:// and it opens also. That's
> > what
> > I need to avoid as well as making certain they got to a certain page

FROM

> > a
> > certain page.
> >
> > When I try:
> > if (isset($_SERVER['HTTPS']!='on'))
> > it crashes and is not even listed on php.net as a valid variable.

>
> Either hide something in a field on the page that you check in the next

page

> (if your hidden field isn't in the $_POST array you know the user didn't
> come from that page) or use sessions.
>
> --
> Tom Thackrey
> [url]www.creative-light.com[/url]
> tom (at) creative (dash) light (dot) com
> do NOT send email to [email]jamesbutler@willglen.net[/email] (it's reserved for spammers)

FLEB · FLEB

On Wed, 19 Nov 2003 18:01:41 -0800, Thi Nguyen wrote:

> You could also look into the referer and see whether it came from
> [url]https://yourdomain.com/page1.php[/url] or not, etc etc
>
>
>
> "Tom Thackrey" <use.signature@nospam.com> wrote in message
> news:vuOub.32665$Hl4.15862@newssvr25.news.prodigy. com...

>>
>> On 19-Nov-2003, "NotGiven" <noname@nonegiven.net> wrote:
>>

>>> I have a web page where certain pages have to be opened in a certain

> order

>>> and should only be available when the user openes them in HTTPS.
>>> (snip)

Watch that, though... referers are sent by the browser, and can be easily
faked or omitted.
--
-- Rudy Fleminger
-- [email]sp@mmers.and.evil.ones.will.bow-down-to.us[/email]
(put "Hey!" in the Subject line for priority processing!)
-- [url]http://www.pixelsaredead.com[/url]

Jonathan · Jonathan

> They are all forms and the form action sends you to the next https:// page

> but you can also take the S out of https:// and it opens also. That's

what

> I need to avoid as well as making certain they got to a certain page FROM

a

> certain page.
>
> When I try:
> if (isset($_SERVER['HTTPS']!='on'))
> it crashes and is not even listed on php.net as a valid variable.

Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

NotGiven · NotGiven

That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

"Jonathan" <jonathan@tricolon.com> wrote in message
news:3fbfc77e$0$1494$e4fe514c@news.xs4all.nl...

> > They are all forms and the form action sends you to the next https://

page

> > but you can also take the S out of https:// and it opens also. That's

> what

> > I need to avoid as well as making certain they got to a certain page

FROM

> a

> > certain page.
> >
> > When I try:
> > if (isset($_SERVER['HTTPS']!='on'))
> > it crashes and is not even listed on php.net as a valid variable.

>
> Try this instead:
>
> if (isset($_SERVER['HTTPS'])!='on')
>
> Bye,
> Jonathan
>
>

Jonathan · Jonathan

> That caused page failure. I can't find anything anywhere that talks about
> HTTPS being a parameter in $_SERVER
>
> Thanks.
>

> > if (isset($_SERVER['HTTPS'])!='on')

Sorry, my mistake ;) If a var is not set then it will definately not contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

Bye,
Jonathan

Janwillem Borleffs · Janwillem Borleffs

"Jonathan" <jonathan@tricolon.com> schreef in bericht
news:3fc09484$0$1505$e4fe514c@news.xs4all.nl...

>
> Sorry, my mistake ;) If a var is not set then it will definately not

contain

> the value 'on'. So you can just use this:
>
> if ($_SERVER['HTTPS']!='on')
>

This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )

JW

R. Rajesh Jeba Anbiah · R. Rajesh Jeba Anbiah

"Janwillem Borleffs" <jw@jwscripts.com> wrote in message news:<3fc0a241$0$202$1b62eedf@news.euronet.nl>...

> "Jonathan" <jonathan@tricolon.com> schreef in bericht
> news:3fc09484$0$1505$e4fe514c@news.xs4all.nl...

> >
> > Sorry, my mistake ;) If a var is not set then it will definately not

> contain

> > the value 'on'. So you can just use this:
> >
> > if ($_SERVER['HTTPS']!='on')
> >

>
> This line will throw a warning when the key doesn't exist with the proper
> error reporting level. Therefore, it's saver, and also good practice, to use
> isset to check if the variable has been set:
>
> if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )

AFAIK, 'on' is not guaranteed. So,
$is_https = (!empty($_SERVER['HTTPS'])); is the correct check (IMHO)

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Thread Tools

Display

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Similar Questions and Discussions

MDB Opened Excludively

Services not getting opened

to ensure that you are viewing the latest webpage

site can't be opened by others

[DIR]Opened movie

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Posting Permissions