restrict page access to one referring page

I'm looking for a way to prevent access to a web page except from a
particular referring page.

What I am trying to do is prevent access to a download page for anyone
who has not successfully completed an online quiz.

Any ideas on how to this in php (using Drupal) would be most
appreciated.

Thanks.

Tom

Message-ID:
<71c7012d-449e-4344-9a85-8ba03506448a@d45g2000hsc.googlegroups.comfrom
tomrue contained the following:
Sessions or cookies.

--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011

Using Drupal 6.x, I believe either sessions or cookies would work, but
I am not sure.






On Jun 30, 3:46 pm, Geoff Berrow <blthe...@ckdog.co.ukwrote:

Message-ID:
<b2a9b6d4-c8f1-4174-b1f0-2ce886a90baa@y38g2000hsy.googlegroups.comfrom
tomrue contained the following:
So..ummm..try it?
--
Regards,

Geoff Berrow

That's a very helpful suggestion. The problem, for me, unfortunately,
is that I don't know how to do it. Hence my question.

Thanks.

Tom




On Jun 30, 6:33 pm, Geoff Berrow <blthe...@ckdog.co.ukwrote:

On Jun 30, 6:33*pm, Geoff Berrow <blthe...@ckdog.co.ukwrote:You could definitely use a session variable to keep track of where
you're coming from. The other way of doing this is to use hidden html
fields with known values, one per page. Have a function which checks
what the value of the hidden field is and knocks you out of the page
if you didn't come from the correct previous page.

tomrue wrote:(Top posting fixed)

Yes, a session variable is the way to go. A cookie would be second, IMHO.

Both ways can be implemented in Drupal. For more help on how to do it
in Drupal, check the Drupal user forums. I've found them to be very helpful

And please don't top post.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

tomrue wrote:I am not familiar at all with Dupral or what it even is but here is the
basic for PHP.

1. On the Quiz page start a session

<?php
session_start();

(This had to be the first thing sent on the page before ANY output, even
a space or header)

2. On the Quiz page set your session variable

$_SESSION['authenticated'] = 'yes';

(Now where you set this variable is up to you. Set it at the top and you
will just know if the person has been to the page, if you want to make
sure they have done something particular on the page you will have to
add it to that process when they are done)

3. On the second page check for the session variable
<?php
session_start(); (before any output remember)
if($_SESSION['authenticated'] != 'yes') {
*** redirect code ***
}

This is super simplicated but will work is the basic of ways.

This will also work with cookies, but if the cookie you are comparing it
to is the same for anyone, it would be easy to spoof the cookie process
and get in anyhow.

Good luck.

Scotty

Message-ID:
<d13ffd7f-9315-46ee-97dc-96067c246d7e@i76g2000hsf.googlegroups.comfrom
tomrue contained the following:
I wasn't being deliberately unhelpful. There are plenty of PHP tutorials
around which will show you how to use sessions or cookies. Se my own
examples for cookies below.

I suggested cookies because I thought it would be simpler for you to
decide when they expire.

For cookies
http://www.ckdog.co.uk/phpcourse/Lesson6/remember.php

Code
http://www.ckdog.co.uk/phpcourse/Lesson6/remember.phps
http://www.ckdog.co.uk/phpcourse/Lesson6/remember2.phps

--
Regards,

Geoff Berrow

On Jul 1, 8:11*am, Geoff Berrow <blthe...@ckdog.co.ukwrote:My suggestion as an alternative would be to have a regular expression
at the top of your download page that checks the page refferal. I'd
call the page .inc.php and include it when it should be displayed. The
regular expression would test for the .inc.php in the request for the
page and reject it if its found. That would mean someone is trying to
view it directly by opening the page (eg download.inc.php) rather than
from the point you want to view it.

It does mean that you would need another place from which to use an
include() on the download page. So on the submission of the last page
of the quiz, the php handler for the form (i'm assuming there is a
form involved in your quiz pages) would simply have
include("download.inc.php"); as the only action to perform.

Sorry if this isn't clear, a session/cookie variable to track the quiz
status is far simpler if your quiz isn't setup in a compatible way.

Regular expression (Not very PHP5 way of doing it I know you could use
a different server array)

if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) ||
eregi(".inc.php",$_SERVER['PHP_SELF'])) {
echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r
\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is
forbidden.\r\n</body>\r\n</html>";
exit;
}

This will only allow the file to be included and not directly viewed.
Clear as mud :-)

Regards,
John