Ask a Question related to PHP Development, Design and Development.
-
sam #1
Re: Securing the sequence of pages
Suppose we want this sequence:
file1.php -> file2.php -> file3.php
in the start of the file file1.php put:
----------------------------------------
session_start();
if(!isset($_SESSION['file_to_show'])) // we have a new user
{
$_SESSION['file_to_show'] = 2; // next page to show is file2.php
}
in the start of the file file2.php put:
----------------------------------------
session_start();
// if our new user is coming directly to this page
if(!isset($_SESSION['file_to_show']))
{
// send him to the first page
header("Location: file1.php");
}
else
{
// if the user did visit page1 (file1.php)
if($_SESSION['file_to_show']==2)
{
// next page to show is file3.php
$_SESSION['file_to_show'] = 3;
}
else
{
// if the user did not visit the 3 pages
if($_SESSION['file_to_show']!=123)
// we send him back to the first page
header("Location: file1.php");
}
}
in the start of the file file3.php put:
----------------------------------------
session_start();
// if our new user is comming directly to this page
if(!isset($_SESSION['file_to_show']))
{
// send him to the first page
header("Location: file1.php");
}
else
{
// if the user did visit page1 but not page2
if($_SESSION['file_to_show']==2)
{
// send him to page2
header("Location: file2.php");
}
else
{
// if the user did visit page1 and page2
if($_SESSION['file_to_show']==3)
{
//set session variable to 123 => all pages are visited
// so we don't stop the user from going directly to any page
$_SESSION['file_to_show'] = 123;
}
else
{
if($_SESSION['file_to_show']!=123)
header("Location: file1.php");
}
}
}
Hope this helps.
"Jeremy Smih" <spliffy@telia.com> wrote in message news:<pan.2003.07.05.21.33.32.864003@telia.com>...> Hi,
>
> I'm looking for a way to secure the sequence in which someone can
> look at web pages. What I have is a registration process where
> the registrant have to read some policies before he/she can enter
> any information. Like:
>
> policy page -> some form -> another form .... etc
>
> How can I be sure of that the registrant really viewed the pages
> in that order? I have thought of different crypt-solutions where
> I crypt the users IP together with some password and send it to
> the next page for checking, but that doesn't stop a user from
> going directly to the last page once he/she has completed the
> sequence one time. Does sessions work? The downside with that
> is that it uses cookies, but I suppose I can live with that if
> there is no way (well, at least no easy way) someone can break
> the page order. How secure are sessions? Is there any risk that
> once a registrant has completed the sequence he/she can reuse that
> cookie?
>
> Hope some of you guys have a solution :)
>
> //Jeremysam Guest
-
Securing a web service
Hi. Whats the best practice to secure a webserivce, basically I have already secured the webservice with XHEO however I need the webservice to... -
Securing a directory
Hi everyone, I just read an article that said that when you use a web.config file to secure a directory, all it can do is secure the asp.net... -
securing pages and forms from users
Hope someone can help. I am trying to build an application that will allow a user to access/deny an application, the application's individual... -
Securing POP3
Greetings! What options do I have for securing POP3 on a Debian server? I've got clients connecting with all varieties of platforms (proprietary... -
securing data in asp.net
Hi everyone, I am new to asp.net development, and need help on security, I am developing a web application that would be accessed from the...
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
