Making a web page visible only when user comes from a specific page or link

Question

How would you make a web page visible only for the users that come from a specific page or link? If the page's link is accessed later directly from the browser, or from any other source instead of the specified page or link, give an error, or redirect to other page.

If yes, please let me know how would you do it, and what your recomendations are.

http://stackoverflow.com/questions/1519349/track-where-users-come-from-in-php — adeneo, Jan 14 '15 at 22:10
possible duplicate of [Determining Referer in PHP](http://stackoverflow.com/questions/165975/determining-referer-in-php) — Heretic Monkey, Jan 14 '15 at 22:20
Yes, use adeneo's link, and set `display:none` or whatever you like to hide the page. — jyoonPro, Jan 14 '15 at 22:22
display: none doesn't block access to content; it simply hide it, but it's still visible in source — Michał Kutra, Jan 14 '15 at 22:23
And if anything, it's actually easier to totally block the content in PHP than it is to alter the CSS `display`. — OJFord, Jan 14 '15 at 23:59

score 2 · Accepted Answer · edited May 23 '17 at 12:11

2

I think something what can be useful for You is $_SERVER['HTTP_REFERER'] - see details

With this var You can simply check from where user has came and decide on server side to show or not another page from your website

In pseudo-code

<?php

if ('a-referer-identificator' === $_SERVER['HTTP_REFERER']) {

echo 'show your website';

} else {
// Redirect for access denied or sth like that
header('Location: http://www.example.com/');
}

?>

edited May 23 '17 at 12:11

Community

1
1

answered Jan 14 '15 at 22:11

Michał Kutra

1,202
8
21

http_referer is not always reliable. You can set a session var on an authorized page and unset it when loading the restricted page. But for basic needs, http_referer will probably be fine – Kai Qing Jan 14 '15 at 22:15
Right. And this is of course solution in PHP – Michał Kutra Jan 14 '15 at 22:16
@KaiQing I don't believe there is any way to do this that would prevent a malicious entry. But this technique isn't appropriate for anything of security concern anyway - I'm imagining OP wants to welcome search engine visitors, or only show content when you've come from the homepage, or something like that. – OJFord Jan 15 '15 at 00:01
@ollie - you could make the only valid referral page restricted to logged in users. OP doesn't exactly clarify the terms of the request so all we can do is speculate. However, if this question needs to be asked, chances are the OP is not making something of enterprise level or dealing with a great deal of security issues. – Kai Qing Jan 15 '15 at 00:06
@KaiQing Could I not still change the header on my own website, making it look like I passed whatever authentication was assumed done on the only valid referral page? – OJFord Jan 15 '15 at 00:10
@ollie - supposing your authentication page set a database entry and a local use once key, for example. I'm not talking about http_referer, but alternatives. Inbound from other sites may be of some kind of issue unless they performed some kind of authentication as well, but that's probably way beyond the scope of this question. We don't really know what OP is talking about so for all we know the referring sites are in his control. Not sure / don't care. Unless OP updates with a more specific list of needs and evidence of effort, I don't really care to add to the subject any more – Kai Qing Jan 15 '15 at 00:18

score 0 · Answer 2 · answered Jan 14 '15 at 22:16

0

You can Track a with the PHP HTTP-Referer variable. But be Aware of that like any HTTP Variable it can easily changed by someone.

If you use it you just need to build an If Block and if it false Redirect with the header-Function

answered Jan 14 '15 at 22:16

j_s_stack

667
1
5
18

Making a web page visible only when user comes from a specific page or link

2 Answers2