determine page person came from on page load by passed variable? 1

[selaine]

I originally placed this in the VBScript forum, but decided to put it here (hope that isn't a problem). Does anyone know how I could read in a hidden value that was submitted from a previous page? Specifically, I need to validate whether or not someone has just come from a previous page "disclaimer.html". So, basically when someone clicks on the "I Agree" button they would go to viewer.html where it would read the value of a hidden field from a form on disclaimer.html. If they click on the "I disagree button I would either have the disclaimer page reload, or an error page come up (with a link back to the disclaimer page telling them that they can't view the page without agreeing to the disclaimer. If the person has not come from the disclaimer page, then an error page would open. This would force them to agree to the disclaimer before being allowed to view the page. I want to prevent someone from just being able to type in the url, without agreeing to the disclaimer. Any help would be greatly appreciated. The boss would like this figured out by the end of the week, and I'm just learning this stuff.

P.S. I cannot change the name of the viewer.html page (ie., can't change it to viewer.asp, etc.,)
Thanks!!!

 

[SashiRaveendran]

unfortunately url and cookies are the only ways of persisting data across html pages. I dont think javascript can access the form obect from another page.
Shame you cant use ASP

 

[mwolf00]

in javascript you can use the location object to detect the querystring....

If url for page is "myPage.htm?fromhere"

<script>
qStr = location.search
if (qStr != &quot;?fromhere){
document.location = &quot;agree.htm&quot;
}
</script>
-- Just trying to help...
<--- This is a wolf? We need a new icon.......
mikewolf@tst-us.com

 

[mwolf00]

Typo:
if (qStr != &quot;?fromhere&quot;){

Please note that this solution isn't infallable... Someone could view your source code on the originating page or catch the address in the location bar.

I recommend that you put a disclaimer on the calling page's source code that says by viewing this code, you agree to the terms listed.... -- Just trying to help...
<--- This is a wolf? We need a new icon.......
mikewolf@tst-us.com

 

[selaine]

Not sure what you mean &quot;put a disclaimer on the calling page's source code that says by viewing this code, you agree to the terms listed.... &quot;??

 

[mwolf00]

Someone can view the source code and put that called address in the address bar and technically never click the &quot;Agree&quot; button. I don't know if it would stand in court, but it can't hurt to put a comment in the code that says they are agreeing by viewing the source code... -- Just trying to help...
<--- This is a wolf? We need a new icon.......
mikewolf@tst-us.com

 

[Tarwn]

Basically just place a commented text paragraph at the top of your javascript that states:
/*
Use of the code in the source script to enter the site will be considered impled consent to the terms listed on this page.
*/

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
For my next trick I will pull a hat out of a rabbit (if you think thats bad you should see how the pigeon feels...)

 

[selaine]

I was almost positive that I wouldn't be able to change the name of my viewer.htm file to viewer.asp, because it's part of a very complex website that uses XML and interactive maps. I just did a search of all the pages in the website and found that it's used as the main page for the website, so I see no reason why I can't rename the extension to .asp. So, on that note, I'd rather use ASP/VBScript so the users won't see the code. How could I accomplish my task using that method. When viewer.asp opens, I'd have to verify that they agreed to the disclaimer (by passing a value from a hidden form perhaps, but then again, I'm a newbie) If the request.form field value is null, then they would be referred to an error page (with a link to the disclaimer page) telling them they must agree to the disclaimer or they can't open viewer.asp??? Any ideas on how to best accomplish this??? Thanks a million!!

 

[Tarwn]

Using your hidden field:
Make your agree button and disagree buttons submit a small form like so:

<form method=&quot;POST&quot; action=&quot;viewer.asp&quot; name=&quot;frmAgree&quot;>
   <input type=&quot;text&quot; name=&quot;agreed&quot; value=&quot;&quot;>
   <input type=&quot;submit&quot; value=&quot;Agree&quot; onClick=&quot;frmAgree.agreed.value='yes';&quot;>
   <input type=&quot;submit&quot; value=&quot;Disagree&quot;>
</form>

Then on viewer.asp:
If Request.Form(&quot;agreed&quot;) <> &quot;yes&quot; Then
   Response.Redirect &quot;disclaimer.html&quot;
End If

Much easier with a little ASP
The only problem here is that if they come to this main page from one of the inner links in the site, they will get booted to the disclaimer again, so you may want to store a value just in case:

If Request.Form(&quot;agreed&quot;) <> &quot;yes&quot; AND Session(&quot;disclaimer&quot;) <> &quot;yes&quot; Then
   Response.Redirect &quot;disclaimer.html&quot;
Else
   Session(&quot;disclaimer&quot;) = &quot;yes&quot;
End If

Now the first time they come here the session variable will be set to yes. Then on each remaining trip to this mainscreen from internal links they will still have the session variable so they will not be kicked back out to the disclaimer again.

Hope this helps,
-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
For my next trick I will pull a hat out of a rabbit (if you think thats bad you should see how the pigeon feels...)

 

[selaine]

But what can I do to prevent the person from bypassing the disclaimer page by just typing in the url? Here's my present code (since I'm a newbie, forgive any bad ideas). There are 3 pages. Disclaimer.htm, DisclaimerError.htm, and Viewer.asp. If the person came from the disclaimer page and clicked on the agreed button the Viewer.asp page would open with no problem. If they click disagree, the page would go to DisclaimerError.htm. But if they just type in the url or who knows where, I want them to be sent to the DisclaimerError.htm (or DisclaimerError.asp, whatever is necessary)

Code for Disclaimer (test) page:

<html>
<head>
<title>Disclaimer Page</title>
</head>
<body text=&quot;#000000&quot; bgcolor=&quot;#FFFFCC&quot; link=&quot;#0000EE&quot; vlink=&quot;#551A8B&quot; alink=&quot;#FF0000&quot;>
<b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3></font></b>&nbsp;<b><font face=&quot;Arial,Helvetica&quot;><font color=&quot;#000099&quot;><font size=+3></font></font></font></b>
<center>
<p><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3>Disclaimer Page</font></font></font></b><b><font face=&quot;Arial,Helvetica&quot;><font color=&quot;#000099&quot;><font size=+3></font></b>
<p><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot;>By clicking below
you agree to this stuff!!!</font></b></center>
<center>
<table COLS=2 WIDTH=&quot;60%&quot;>
<tr>
<td>
<form method=&quot;POST&quot; action=&quot;viewer.asp&quot; name=&quot;frmAgree&quot;>
<input type=&quot;hidden&quot; name=&quot;agreed&quot; value=&quot;&quot;>
<center>
<table COLS=2 WIDTH=&quot;60%&quot; >
<tr>
<td>
<center><input type=&quot;submit&quot; value=&quot;Agree&quot; onClick=&quot;frmAgree.agreed.value='yes';&quot;></center>
</td>
<td>
</center><input type=&quot;submit&quot; value=&quot;Disagree&quot; onClick=&quot;frmAgree.agreed.value='no';&quot;;></center>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</center>
<b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot;></font></b>
</body>
</html>

Code for the DisclaimerError.htm test Page:
<html>
<head>
<title>Disclaimer Page</title>
</head>
<body text=&quot;#000000&quot; bgcolor=&quot;#FFFFCC&quot; link=&quot;#0000EE&quot; vlink=&quot;#551A8B&quot; alink=&quot;#FF0000&quot;>
<b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3></font></b>&nbsp;<b><font face=&quot;Arial,Helvetica&quot;><font color=&quot;#000099&quot;><font size=+3></font></font></font></b>
<center>
<p><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3>Error
Page...</font></b>
<p><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot;>I'm sorry you
cannot view this page without agreeing to our Disclaimer.</font></b>
<p><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot;><a href=&quot;Disclaimer.htm&quot;>Click
here</a> to go to the Disclaimer Page.</font></b></center>
</body>
</html>

Code for the Viewer.asp test page:
<%Option Explicit
Response.buffer = &quot;true&quot;

'Declare variables
Dim strAgreed
'Grab variables from the querystring.
strAgreed=Request.Form(&quot;agreed&quot

If strAgreed = null or strAgreed = &quot;&quot; Then
Response.Redirect &quot;DisclaimerError.htm&quot;
End If
%>
<html>
<head>
<title>viewer</title>
</head>
<body text=&quot;#000000&quot; bgcolor=&quot;#FFFFCC&quot; link=&quot;#0000EE&quot; vlink=&quot;#551A8B&quot; alink=&quot;#FF0000&quot;>
<center><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3>This
is the viewer.htm page.</font></b>
<br><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3>You
have successfully viewed and agreed to the disclaimer!</font></b>
<br><b><font face=&quot;Arial,Helvetica&quot; color=&quot;#000099&quot; size=+3>Thank
You!!!</font></b></center>
</body>
</html>

Thanks for your help!!!

 

[mwolf00]

Here's the basics of what you need in your pages...

login.htm

<form action=&quot;agreed.asp&quot; method=&quot;post&quot;>
<input type=submit value=&quot;I agree&quot;>
<input type=button value=&quot;I DO NOT agree&quot; onClick=&quot;window.location = 'disagree.htm'&quot;>
</form>


agreed.asp

<%
IF request.servervariables(&quot;REQUEST_METHOD&quot = &quot;POST&quot; THEN 'this page was called by a posted form'
session(&quot;agreed&quot = &quot;yep&quot;
response.redirect &quot;yourIN.asp&quot;
ELSE
response.redirect &quot;login.htm&quot;
END IF

%>



yourIn.asp AND ALL OTHER PROTECTED PAGES ON YOU SITE:
in the top of the page

IF session(&quot;agreed&quot <> &quot;yep&quot; THEN response.redirect &quot;login.htm&quot;

-- Just trying to help...
<--- This is a wolf? We need a new icon.......
mikewolf@tst-us.com

 

[kcsants]

To even lock it down further you can use this script to protect every page on your website. Actually, thats the way it is scripted now. You will need to modify or eliminate the GetHost Function to read the whole URL instead of just the host name. If needed I can break it down further... good luck.

referers = Array(&quot;yourdomain.com&quot;,&quot;yourdomain&quot

validReferer = false
referer = GetHost(Request.ServerVariables(&quot;HTTP_REFERER&quot)

for each host in referers
if host = referer then
validReferer = true
end if
next

if not validReferer then
if referer = &quot;&quot; then
response.redirect (&quot;ERROR.ASP&quot 'add code to your needs
else
response.redirect (&quot;DISCLAIMER.ASP&quot ' add code to your needs
end if
end if

'Breaks down Referer URL

function GetHost(url)

dim i, s

GetHost = &quot;&quot;

'Strip down to host or IP address and port number, if any.

if Left(url, 7) = &quot;

http://&quot;

then
s = Mid(url, 8)
elseif Left(url, 8) = &quot;

https://&quot;

then
s = Mid(url, 9)
end if
i = InStr(s, &quot;/&quot
if i > 1 then
s = Mid(s, 1, i - 1)
end if

getHost = s

end function