-1

I wanted to know if it is possible that only the content of a web page is shown as long as it comes from a link for example:

mipagina.com/paso1.php to ► mipagina.com/paso2.php

And in this way if the person tries to enter mipagina.com/paso2.php directly with the URL, it is not allowed to either see nothing or show an error message.

Felipe Augusto
  • 7,733
  • 10
  • 39
  • 73
jkjul
  • 117

1 Answers1

0

Try this:

$ref = $_SERVER['HTTP_REFERER'];
if(isset($ref[0])) {
    $protocol = strtolower(parse_url($ref)['scheme']) === 'https' ? 'https':'http';
    echo (strtolower($ref) === $protocol . '://mipagina.com/paso1.php') ? 'welcome':'You can\'t access this page directly.';  
} else {
   echo 'You can\'t access this page directly.';
}

Ps: don't rely on the $_SERVER['HTTP_REFERER'] as it's not always sent to the server and can be changed by the application user hence vulnerability increases.

ThS
  • 4,597
  • 2
  • 15
  • 27
  • very well the code detects when I enter directly by url and I redigire to the page of error assigned the problem that I have with this code is that it works if I enter from any page as long as it is for a link by saying step5523.php contains a link to step2.php and the same keep going when you should show the error message since the only entry should only be by step1.php, I would like it to work the same but only show the web and the welcome message only when it comes from a page in specific in this case paso1.php – jkjul Aug 18 '18 at 05:51
  • I didn't quietly understand, but, what this code does is simply: if a request comes to `page2.php` that its not from `page1.php` it will be notified via a message saying "You can't access this page directly." You can provide a screenshot of your issue or explain more your needs so I can help you further. Another time, relying on `$_SERVER['HTTP_REFERER']` is really a bad idea, you can implement tracking by yourself and it's not that hard to do. – ThS Aug 18 '18 at 12:31
  • Excuse me, what happens is that I'm allowed to enter any part that contains the link, I want you to only enter when the link is in step1.php for example if I put a link to step123.php let me enter same step2.php when I should send an error – jkjul Aug 18 '18 at 12:43
  • I really don't get it, the condition of accessing is simple: if the referrer = 'page1.php' show 'welcome' else show 'you cant access this page' ! But the access condition is clear so I'll write here for you changing the `ternary operator` by corresponding `if` and `else` statements: `if(strtolower($ref) === $protocol . '://mipagina.com/paso1.php') { echo 'welcome'; } else { echo 'You can\'t access this page directly.'; }` – ThS Aug 18 '18 at 13:08
  • Thanks, if I have just tried it but the problem is that it is in a step2.php from another page that is not step1.php keeps entering me normally when I should send the error message, it is only sending the error message when I enter by URL – jkjul Aug 18 '18 at 14:00
  • `window.location = 'error.php';"); } ?> ` – jkjul Aug 18 '18 at 14:34
  • ok, what happens when you access page2 by clicking a link from another page other than page1 ? – ThS Aug 18 '18 at 14:39
  • ok what happens is that it shows me the welcome message when I should send the error – jkjul Aug 18 '18 at 14:43
  • well, I knew it ! My answer works great, the issue is that you were misplacing the the redirection in the script tag. Try this: `$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER']:''; if(isset($ref[0])) { $protocol = strtolower(parse_url($ref)['scheme']) === 'https' ? 'https':'http'; if(0 === strcmp(strtolower($ref), $protocol . '://paso1.php')) { echo 'BIENVENIDO'; } else { echo ''; } } else { echo ''; }` – ThS Aug 18 '18 at 14:59
  • and by the way, why relying on `JavaScript` to do the redirection ? You can do it through `PHP` though. And as I said relying on `$_SERVER['HTTP_REFERER']` is a bad choice, implementing a tracking tool would be better, a `GET` variable containing the `URL` that led to this page is all what you need. – ThS Aug 18 '18 at 15:20