Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Page redirect based on refering page 1

Status
Not open for further replies.
SteweGriffin

SteweGriffin

Technical User
Dec 16, 2009
14
GB
Hello,

I have a page ( UploadFile.php ) that is access via another page ( LogIn.html ) which uses, at the moment, a predefined access code and password.

That works great.

What I would like to do is restrict access to UploadFile.php so that it will only open if the last / refering page is LogIn.html, thus stopping people from saving the UploadFile.php into the favorites and bypassing the LogIn.html page everytime.

I've been trying to do this and found some PHP code which uses $HTTP_REFERER, but I seem to be getting a NULL value from this, and end up going round in a loop

See Code ---
<?
$ref = $HTTP_REFERER;
$desired = 'if ($ref != $desired)
{
header('Location:}
else
{
header('Location:}
?>
-----

I do not have access to my .htaccess file. Mt ISP will not allow me to.

Please can someone either point out where I am going wrong, or point me in the direction of a better way of doing this?

feherke and BigRed1212 on the html forum pointed out that if I stored the login info in $_SESSION and redirect the to the login page if is not logged in or the login expired, but I am VERY nex wo php and do not know how to do this.

My login page code is VERY simple, and could definately be better

code ---
<p class="style3" style="width: 460px; height: 31px;">Access Code       :
<input type="text" name="text2" style="width: 235px">
</p>
<p class="style1" style="width: 458px; height: 38px;"> Access Password :
<input type="password" name="text1" style="width: 233px"></p>
<p class="style2" style="width: 357px; height: 26px;">  <input type="button" value="Check In" name="Submit" style="color: #FFFFFF; background-color: #000000; background-image: url('images/btnbck.gif'); border-color: #000000"; onclick=javascript:validate(text2.value,"USERCODE",text1.value,"PASSWORDCODE") >
</p>
-----
I my defense, I was planing on encryping the page once I got it to work.

So any Advice will be great to get me going.

Thanks
 
Sort by date Sort by votes
Hi

SteweGriffin said:
I my defense, I was planing on encryping the page once I got it to work.
Click to expand...
Do not mention this anywhere else. This is a very bad joke.

Here is a basic skeleton of how a simple authentication is usually done :
Code: 
[teal]<?php[/teal]

[COLOR=darkgoldenrod]session_start[/color][teal]();[/teal]

[teal]?>[/teal]

[gray]<!-- ... -->[/gray]

[teal]<[/teal]form action[teal]=[/teal][green][i]"enter.php"[/i][/green] method[teal]=[/teal][green][i]"post"[/i][/green][teal]>[/teal]
User [teal]:[/teal] [teal]<[/teal]input type[teal]=[/teal][green][i]"text"[/i][/green] name[teal]=[/teal][green][i]"user"[/i][/green][teal]><[/teal]br[teal]>[/teal]
Pass [teal]:[/teal] [teal]<[/teal]input type[teal]=[/teal][green][i]"password"[/i][/green] name[teal]=[/teal][green][i]"pass"[/i][/green][teal]><[/teal]br[teal]>[/teal]
[teal]<[/teal]input type[teal]=[/teal][green][i]"submit"[/i][/green] value[teal]=[/teal][green][i]"Log in"[/i][/green][teal]>[/teal]
[teal]</[/teal]form[teal]>[/teal]
Code: 
[teal]<?php[/teal]

[COLOR=darkgoldenrod]session_start[/color][teal]();[/teal]

[b]if[/b] [teal](![/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]][/teal] [teal]||[/teal] [teal]![/teal][navy]$_POST[/navy][teal][[/teal][green][i]'pass'[/i][/green][teal]])[/teal] [teal]{[/teal]
  [COLOR=darkgoldenrod]header[/color][teal]([/teal][green][i]'Location: login.php'[/i][/green][teal]);[/teal]
  [b]exit[/b][teal];[/teal]
[teal]}[/teal]

[b]if[/b] [teal]([/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]==[/teal][green][i]'USERCODE'[/i][/green] [teal]&&[/teal] [navy]$_POST[/navy][teal][[/teal][green][i]'pass'[/i][/green][teal]]==[/teal][green][i]'PASSWORDCODE'[/i][/green][teal])[/teal] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]=[/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]];[/teal]

[teal]?>[/teal]

[gray]<!-- ... -->[/gray]

[teal]<?php[/teal] [b]if[/b] [teal]([/teal][navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]])[/teal] [teal]{[/teal] [teal]?>[/teal]

Now you are logged in [b]as[/b] user [teal]<?php[/teal] [b]echo[/b] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]];[/teal] [teal]?>.[/teal]

[teal]<?php[/teal] [teal]}[/teal] [b]else[/b] [teal]{[/teal] [teal]?>[/teal]

Login failed[teal].[/teal] Go back to the [teal]<[/teal]a href[teal]=[/teal][green][i]"login.php"[/i][/green][teal]>[/teal]login page[teal]</[/teal]a[teal]>[/teal] [b]and[/b] try again[teal].[/teal]

[teal]<?php[/teal] [teal]}[/teal] [teal]?>[/teal]
Code: 
[teal]<?php[/teal]

[COLOR=darkgoldenrod]session_start[/color][teal]();[/teal]

[b]if[/b] [teal](![/teal] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]])[/teal] [teal]{[/teal]
  [COLOR=darkgoldenrod]header[/color][teal]([/teal][green][i]'Location: login.php'[/i][/green][teal]);[/teal]
  [b]exit[/b][teal];[/teal]
[teal]}[/teal]

[teal]?>[/teal]

[gray]<!-- ... -->[/gray]

Hello user [teal]<?php[/teal] [b]echo[/b] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]];[/teal] [teal]?>,[/teal] feel free to upload[teal].[/teal]
Code: 
[teal]<?php[/teal]

[COLOR=darkgoldenrod]session_start[/color][teal]();[/teal]

[b]unset[/b][teal]([/teal][navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]);[/teal]

[teal]?>[/teal]

[gray]<!-- ... -->[/gray]

You are now logged out[teal].[/teal]

Feherke.
 
Upvote 0 Downvote
Hi feherke,
Thank again for the help and the very comprehensive code.
I cut and pasted them into my code, but I have a problem with the login script.

It dosn't matter what i put in as the usercode and passwordcode section, enter.php always tells me that i'm , logged in as USERCODE.

Can you advise please?

Thanks again
 
Upvote 0 Downvote
Sure, thanks.

ENTER.php
Code: 
<?php

session_start();

if (!$_POST['user'] || !$_POST['pass']) {
  header('Location: login.php');
  exit;
}

if ($_POST['user']=='USERCODE' && $_POST['pass']=='PASSWORDCODE') $_SESSION['user']=$_POST['user'];

?>

<!-- ... -->

<?php if ($_SESSION['user']) { ?>

Now you are logged in as user <?php echo $_SESSION['user']; ?>.

<?php } else { ?>

Login failed. Go back to the <a href="login.php">login page</a> and try again.

<?php } ?>


The <Form> code from my login page
Code: 
<form action="enter.php" method="post">
<p class="style3" style="width: 460px; height: 31px;">Access Code&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 
  <input type="text" name="user">
</p>
<p class="style1" style="width: 458px; height: 38px;"> Access Password : 
<input type="password" name="pass"></p>
	<p class="style2" style="width: 357px; height: 26px;"> &nbsp;<input type="submit" value="Log in" value="Check In" name="Submit"  style="color: #FFFFFF; background-color: #000000; background-image: url('images/btnbck.gif'); border-color: #000000"; >
</p>
</form>
Chears
 
Upvote 0 Downvote
Hi

SteweGriffin said:
It dosn't matter what i put in as the usercode and passwordcode section, enter.php always tells me that i'm , logged in as USERCODE.
Click to expand...
Oops. Your above quoted sentence made me think that you changed something in enter.php.

But finally I understood what you meant : I forgot the [tt]else[/tt] part to handle the authentication failure.
Code: 
[teal]<?php[/teal]

[COLOR=darkgoldenrod]session_start[/color][teal]();[/teal]

[b]if[/b] [teal](![/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]][/teal] [teal]||[/teal] [teal]![/teal][navy]$_POST[/navy][teal][[/teal][green][i]'pass'[/i][/green][teal]])[/teal] [teal]{[/teal]
  [COLOR=darkgoldenrod]header[/color][teal]([/teal][green][i]'Location: login.php'[/i][/green][teal]);[/teal]
  [b]exit[/b][teal];[/teal]
[teal]}[/teal]

[navy]$allowed[/navy][teal]=[/teal][b]array[/b][teal]([/teal]
  [green][i]'USERCODE'[/i][/green][teal]=>[/teal][green][i]'PASSWORDCODE'[/i][/green][teal],[/teal]
  [green][i]'foo'[/i][/green][teal]=>[/teal][green][i]'bar'[/i][/green][teal],[/teal]
  [green][i]'SteweGriffin'[/i][/green][teal]=>[/teal][green][i]'secret unguessable password'[/i][/green]
[teal]);[/teal]

[b]if[/b] [teal]([/teal][navy]$allowed[/navy][teal][[/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]]==[/teal][navy]$_POST[/navy][teal][[/teal][green][i]'pass'[/i][/green][teal]])[/teal] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]=[/teal][navy]$_POST[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]];[/teal]
[highlight][b]else[/b] [b]unset[/b][teal]([/teal][navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]]);[/teal][/highlight]

[teal]?>[/teal]

[teal]<?php[/teal] [b]if[/b] [teal]([/teal][navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]])[/teal] [teal]{[/teal] [teal]?>[/teal]

Now you are logged in [b]as[/b] user [teal]<?php[/teal] [b]echo[/b] [navy]$_SESSION[/navy][teal][[/teal][green][i]'user'[/i][/green][teal]];[/teal] [teal]?>.[/teal]

[teal]<?php[/teal] [teal]}[/teal] [b]else[/b] [teal]{[/teal] [teal]?>[/teal]

Login failed[teal].[/teal] Go back to the [teal]<[/teal]a href[teal]=[/teal][green][i]"login.php"[/i][/green][teal]>[/teal]login page[teal]</[/teal]a[teal]>[/teal] [b]and[/b] try again[teal].[/teal]

[teal]<?php[/teal] [teal]}[/teal] [teal]?>[/teal]
By the way, I changed it abit during the testing for flexibility and to handle multiple user/password pairs. So the related [tt]if[/tt]'s condition also changed. But the highlighted [tt]else[/tt] code can be used with the original [tt]if[/tt] too.

Feherke.
 
Upvote 0 Downvote
FANTASTIC.

Thanks Again Feherke.
I added the Logout php code to the successfull upload page to that ther automatically logged out on each upload.
Works like a charm.

Chears
 
Upvote 0 Downvote
Hi

SteweGriffin said:
I added the Logout php code to the successfull upload page to that ther automatically logged out on each upload.
Click to expand...
Is that really necessary ?

If you mean that
[ul]
[li]each entered user/password pair is valid for only one upload[/li]
[li]the user/password pair has to be specified only for the upload and no other functionality uses it[/li]
[/ul]
then why are you using separate login and upload pages ? Just put all three [tt]input[/tt]s ( user, password, file ) on the same page. That would make both your and your visitor's life easier.

Feherke.
 
Upvote 0 Downvote
The person that wanted this website done was specific on how they wanted it to work, which is why its done this way, however, I'll revist the design and see if I can incorporate your suggestion into it and sell the idea / design to them by showing them a working version.

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

c0deM0nK424
  • Locked
  • Question
Gutenberg Block Editor - page edits and updates not working since wp site migration
Replies
1
Views
405
spamjim
spamjim
ravicoder
  • Locked
  • Question
Populating a span based on input field
Replies
0
Views
92
ravicoder
ravicoder
chrisjchrisj
  • Locked
  • Question
Can you tell me if this file outputs a subcategory page?
Replies
3
Views
115
spamjim
spamjim
dball63
  • Locked
  • Question
Noob Needs some help making HTML edits on PHP page
Replies
6
Views
170
spamjim
spamjim
PeDa
  • Locked
  • Question
POST Content-lLength of ... bytes exceeds the limit of 8388608 bytes in Unknown on line 0
Replies
4
Views
288
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top