prevent url access without form submit php

Question

Suppose we have a form where we allow user to submit some text or so.... Then the form is submitted which passes the value to another page where we show result based on the input submitted in previous page. Now we know both url so we may try to access them directly but first one is ok no problem, when going to acess second page it will not have the parameters or says the value to give result ?????? so i want to prevent user getting direct access to this page without filling the form and submitting same from first page.

Eg submit a form with text box name and next page we display details of that name from database. url may looks like for second page www.domain.com/page2.php?name=somename

Any Idea?

*we already checked user to login when try accessing the first page

score 2 · Accepted Answer · answered Jun 09 '13 at 03:21

2

Try this...

if(!isset($_GET)){
   header('Location: http://www.backtoyourotherpage.php/');
}

But I would use POST on your form, so that the url isn't printed in the fashion that you showed....with all the words in it

then it will become ...

 if(!isset($_POST)){
   header('Location: http://www.backtoyourotherpage.php/');
}

answered Jun 09 '13 at 03:21

Kylie

11,421
11
47
78

yeah post is fine to use for security and in long forms – Rajeev Kumar Jun 09 '13 at 03:24

score 1 · Answer 2 · answered Jun 09 '13 at 04:56

1

This variable have the URL that calls the page..

$_SERVER['HTTP_REFERER']

You can check if there are data passed by $_POST or $_GET but the best method is generate an aleatory string (or token), save it in the $_SESSION variable and send it in the form, then compare twice, if them match continue the execution...

answered Jun 09 '13 at 04:56

Simón Urzúa

1,556
2
11
16

The $_SESSION can also be used to ensure the page is not called twice. Great answer. – Robert Seddon-Smith Jun 09 '13 at 08:59

score 0 · Answer 3 · edited May 23 '17 at 12:11

There are two ways you can test how the second page is being accessed:

The simplest one is that you will always check if you're getting the required POST parameters you're looking for in your second page. You can do that by checking that the required form values exist in appropriate fields in $_POST
You can also check for the page referer, and only allow access to page B if the user is coming from page A (however, do note that the page referer can be spoofed by clients). Here's an SO question describing how to obtain the referer in a PHP page

score 0 · Answer 4 · answered Jun 09 '13 at 03:20

Use the following code at the starting of your 2nd php file. This will check if the url is requested as POST or not. Assuming you have the method POST in your form. This will prevent users from directly accessing via URLs.

<?php 
    if(!isset($_POST)){
         header("location:someotherpage.php");
    }
?>

This, however does not work when the user sends POST requests from any other place. It's also good to check for individual form fields, and redirect.

prevent url access without form submit php

4 Answers4

Linked