I have a popup window (required by the client) containing a form and would
like to prevent users from accessing it directly. They are instead required
to access the page via a hyperlink on another page. HTTP_REFERER, while not
completely reliable, would serve the purpose except for another problem. The
hyperlink points to a JavaScript function which opens the popup. This yields
HTTP_REFERER worthless. My other thought was to create a session_id and pass
it to the popup. However this session_id would not be valid in the new popup
window.
Bottom line, I need to validate the user to insure they are accessing the
page through the "front door".
All comments/suggestion appreciated.
Thanks. 2 2698
"Xenophobe" wrote: I have a popup window (required by the client) containing a form
and would like to prevent users from accessing it directly. They are instead required to access the page via a hyperlink on another page. HTTP_REFERER, while not completely reliable, would serve the purpose except for another problem. The hyperlink points to a JavaScript function which opens the popup.
This yields HTTP_REFERER worthless. My other thought was to create a session_id and pass it to the popup. However this session_id would not be valid in the
new popup window.
Bottom line, I need to validate the user to insure they are
accessing the page through the "front door".
All comments/suggestion appreciated.
Thanks.
Take some server variables known to all scripts and pass them via url.
E.g. do an md5( $_SERVER[’REMOTE_ADDR’] . $_SERVER[’SERVER_NAME’]);
and pass that via URL. Now the popped script can also do an md5 and
compare. This md5’ed string would be unique for each user (due to
IP).
If you want them to do the form, say within 10 minutes, add some
timing info to the above as well.
-- http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-restrict...ict135858.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=454421
Because the use of existing client side JavaScript passing values via the
URL isn't practical. However, it turns out using session variables works
perfectly fine once they're set correctly and the state is managed
correctly.
"steve" <Us************ @dbForumz.com> wrote in message
news:41******** **@news.athenan ews.com... "Xenophobe" wrote: > I have a popup window (required by the client) containing a form and > would > like to prevent users from accessing it directly. They are instead > required > to access the page via a hyperlink on another page. HTTP_REFERER, > while not > completely reliable, would serve the purpose except for another > problem. The > hyperlink points to a JavaScript function which opens the popup. This > yields > HTTP_REFERER worthless. My other thought was to create a session_id > and pass > it to the popup. However this session_id would not be valid in the new > popup > window. > > Bottom line, I need to validate the user to insure they are accessing > the > page through the "front door". > > All comments/suggestion appreciated. > > Thanks.
Take some server variables known to all scripts and pass them via url.
E.g. do an md5( $_SERVER['REMOTE_ADDR'] . $_SERVER['SERVER_NAME']);
and pass that via URL. Now the popped script can also do an md5 and compare. This md5'ed string would be unique for each user (due to IP). If you want them to do the form, say within 10 minutes, add some timing info to the above as well.
-- http://www.dbForumz.com/ This article was posted by author's request Articles individually checked for conformance to usenet standards Topic URL: http://www.dbForumz.com/PHP-restrict...ict135858.html Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=454421 This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Chuck |
last post by:
Here is my setup.
Netgear Router with a webserver and database server NAT'd behind the
firewall.
Microsoft Windows 2000, IIS 5 - Web Server
Microsoft Windows 2000, MySQL - Database Server
What I would like to have is a web application served up off my WS
(web server) and that application access my DS (db server) without
|
by: CJM |
last post by:
I'm setting up some web-based (ASP) reports that query an Access DB. I also
want certain people to be able to access and manipulate the database
directly.
However, if the database is open in Access, I cant access it via ASP:
Microsoft JET Database Engine error '80004005'
Could not use ''; file already in use.
|
by: Sharon |
last post by:
I'm working with a Frame Grabber that need a buffer (like a C/C++ buffer:
byte* pBytes = new bytes), this buffer must be continuous for the frame
grabber to access any part of it directly and not through wrapping methods
,but I do not know how, and if, I can do that in C#.
I also need to work with this buffer, which contain image, for image...
|
by: Bob Avallone |
last post by:
MetaPro Systems Inc. Visual Studio Dot Net Tips & Tricks #3 – Direct
Access to
Your Outlook Address Book.
Project Type: VS.NET Windows Application
Code Behind: Visual Basic
I have a project where I needed to access my Outlook Address book
directly. This is possible but very tricky. I got it to work and I
would like to share it with...
|
by: bill |
last post by:
I am using vb.net and SQL Server 2000. Hopefully i will soon be using
VB.net 2005.
I would like to prevent users from having direct access to a SQL Server
database, and require them to access the database through an application.
Application roles seem like a good solution, but I read that I shouldn't use
connection pooling with...
| |
by: Bo Peng |
last post by:
Dear list,
I am looking for a way to store a large amount of unique sequences that
will be accessed by objects. The most important operations are:
1. Direct access to the sequences (from pointers stored in each object).
Access through key lookup is not acceptable.
2. Given a new sequence, determine if it is already in the factory of...
|
by: Carlos Villaseñor M. |
last post by:
Hi everybody!
At this time I'm developing my first vusual C#.Net application, and at the
same time I making the "Setup and Deployment" project to install that
application in another computer, everything well, but I don't know how to
configure my Setup project to ask for and create the folder and the direct
access in order to the application...
|
by: Ken Fine |
last post by:
Short version: I want to know how in ASP.NET I could bar direct http access
to some files in a directory that match a pattern, but not others. An
alternate solution would be to bar all direct http access to files and
require that any access of the files be mediated by my web application. In
other words, direct access via...
|
by: sant.tarun |
last post by:
Hi,
I am facing some some problem in restricting the access of a
variable....
My question is described below.....
Let I have two different C source files 'a.c' and 'b.c'.
In the file 'a.c' there is a global variable declared 'int
GlobalVariable' and the same variable is extern in the file 'b.c'.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |