-2

I want to send the 'user id' from one page to another page, but the condition is that I want to send the data in a secure manner. I am able to send the ID through the GET method.

Suppose I send the data using the GET method this way:

    <a href="profile.php?id=<?php echo $id; ?>">

For example, this is the URL that I am getting:

http://localhost/joli/profile.php?id=23

and my profile.php contains the following code:

    <?php
    include('header.php');

    // Prints "YES" for every GET request, whether the link was clicked or the URL was typed.
    if ($_SERVER['REQUEST_METHOD'] == "GET") {
        echo "YES";
    } else {
        echo "NO";
    }

    include('footer.php');
    ?>

Now the problem is, if I directly access the URL, the page gets loaded and prints "YES". I want some limitation so that the user can't fetch the information directly through the URL. This page should deliver the data only when the "Read more" button is pressed on the previous page.

I hope my question is clear.

Your Common Sense
  • One way of doing this is to encrypt the ID, pass it as an encrypted value and then decrypt it in the destination file so you can use it. That way it will be hard for a simple user to just put link?id=some_number. Not 100% safe! Values can be decrypted! You can't prevent a user from directly accessing some URL, but you can make it hard for him to guess the params. – Budimir Skrtic Apr 08 '19 at 11:59
  • A secure way to do this is to store the user id as a session variable and then retrieve it. – guruprasad ks Apr 08 '19 at 11:59
  • @BudimirSkrtic Do you have any example? –  Apr 08 '19 at 12:02
  • Take a look at this: https://stackoverflow.com/questions/20014118/php-sending-encrypted-data-via-the-url (answer from Dan Green-Leipciger). I have used it on one of my projects. I did adjust it a bit for my needs, but it will point you in the right direction. – Budimir Skrtic Apr 08 '19 at 12:05
  • it just occurred to me that you probably need a SESSION – Your Common Sense Apr 08 '19 at 13:28
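
The session approach suggested in the comments above, as an added example that is not part of the original thread: the listing page keeps the id in the session under a random token and puts only the token in the link, so profile.php serves an id only to a session that was shown that link. The function names, the `t` parameter and the `profile_links` key are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.
// $session stands in for $_SESSION so the script also runs from the CLI.

// Listing page: mint an unguessable token for this id and remember it server-side.
function issue_profile_link(array &$session, int $id): string
{
    $token = bin2hex(random_bytes(16));          // 128 bits from the CSPRNG
    $session['profile_links'][$token] = $id;     // the id itself never appears in the URL
    return 'profile.php?t=' . $token;
}

// profile.php: accept only a token that was issued to this session, once.
function resolve_profile_token(array &$session, $token): ?int
{
    if (!is_string($token) || !isset($session['profile_links'][$token])) {
        return null;                             // typed, guessed, foreign or replayed value
    }
    $id = $session['profile_links'][$token];
    unset($session['profile_links'][$token]);    // one page view per issued link
    return $id;
}

// Constructed demo: the visitor who saw the listing, and an unrelated session.
$visitor = [];
$other   = [];
$link    = issue_profile_link($visitor, 23);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(resolve_profile_token($other, $query['t']));    // token pasted into another session
var_dump(resolve_profile_token($visitor, '23'));         // hand-written value instead of a token
var_dump(resolve_profile_token($visitor, $query['t']));  // link followed from the listing page
var_dump(resolve_profile_token($visitor, $query['t']));  // same link requested a second time
```

In a real page, call `session_start()` first and pass `$_SESSION` as the first argument. The visitor who received the link can still paste it into the address bar once, because the server sees the same GET request either way.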

2 Answers

4

This. Is. Impossible.

For the server either pressing a button or "direct" access are the same.

Your Common Sense
-1

try this

    // Redirect anything that is not a GET request.
    if (strtoupper($_SERVER['REQUEST_METHOD']) != 'GET') {
        header('Location: https://www.example.com/');
        exit();
    }

    // Cast to int so only a numeric id is accepted; a missing id becomes 0.
    $id_profile = isset($_GET['id']) ? (int) strip_tags($_GET['id']) : 0;

    if ($id_profile > 0) {
        var_dump($id_profile);
    } else {
        header('Location: https://www.example.com/');
        exit();
    }
GOSTRAFX