473,241 Members | 1,448 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,241 software developers and data experts.

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Many thanks
Jul 17 '05 #1
9 3640

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Either hide something in a field on the page that you check in the next page
(if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)
Jul 17 '05 #2
Tom Thackrey wrote:

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain
order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https://
page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Either hide something in a field on the page that you check in the next
page (if your hidden field isn't in the $_POST array you know the user
didn't come from that page) or use sessions.

You could do it with sessions.

on the first page: (start the sessions and all that good stuff)
$_SESSION['pageone'] = true

on page two:
if($_SESSION['pageone'] == true){
$_SESSION['pagetwo'] = true;
pagetwostuff();
}
else{
echo "Please visit page one first!";
echo "<a href="pageone">page one</a>";
}

continue if you have page 3, etc...
if($_SESSION['pageone'] == true && $_SESSION['pagetwo'] == true)

if you have lots of pages in sequence, you may want to figure out a way to
do this with an array instead of individual arrays. ie:
pages[0] == true; // visited page one
pages[1] == true; // visited page two
pages[2] == false; // didnt visit page three/on page 3 perhaps?
pages[3] == false; // didnt visit page four

Good Luck!
-Eric Kincl
Jul 17 '05 #3
You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.
Either hide something in a field on the page that you check in the next

page (if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

Jul 17 '05 #4
On Wed, 19 Nov 2003 18:01:41 -0800, Thi Nguyen wrote:
You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.
(snip)


Watch that, though... referers are sent by the browser, and can be easily
faked or omitted.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #5
> They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's what I need to avoid as well as making certain they got to a certain page FROM a certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan
Jul 17 '05 #6
That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

"Jonathan" <jo******@tricolon.com> wrote in message
news:3f**********************@news.xs4all.nl...
They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's what
I need to avoid as well as making certain they got to a certain page

FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

Jul 17 '05 #7
That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.
if (isset($_SERVER['HTTPS'])!='on')


Sorry, my mistake ;) If a var is not set then it will definately not contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

Bye,
Jonathan
Jul 17 '05 #8

"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not contain the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')


This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )
JW

Jul 17 '05 #9
"Janwillem Borleffs" <jw@jwscripts.com> wrote in message news:<3f*********************@news.euronet.nl>...
"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not

contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')


This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )


AFAIK, 'on' is not guaranteed. So,
$is_https = (!empty($_SERVER['HTTPS'])); is the correct check (IMHO)

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com
Jul 17 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: yabba | last post by:
2 asp pages From page1 I open a new window... page2. Does page2 know the parent page/wsindow and more inportantly can page2 somehow update the parent page? Something in the form of "<a...
3
by: - Steve - | last post by:
If a user where to go to http://server/page.aspx I want to force them over to https://server/page.aspx. So those that didn't catch the subtle hint there, I want to move them over to the SSL page....
0
by: John A Grandy | last post by:
I solved this problem once before ... but I've forgotten exactly how I solved it ... Directly beneath my web-app root-folder, I have a two sub-folders, Folder1 and Folder2. Folder1 contains...
2
by: P. Prosper | last post by:
Hello all I have a small webform application with three WebForms that use session variables to maintain session data (user name) When I transfer to page 2 from page1 session state is...
3
by: schwartzenberg | last post by:
Dear friends, I have just run into a strange DB2 problem. Something i'd some of you would answer, if only shortly. My basic question is: How do i ensure 'insensitive' (ie static) cursors...
5
by: kingflux | last post by:
Hello-- When I open an existing file (NoodlePage.aspx), VisualStudio immediately changes around some lines, removes a few characters, and switches some tags. I used fc.exe to compare the before...
0
by: viral123 | last post by:
Hi I am using asp.net application on server side. I have two web forms as page1.aspx and page2.aspx how can i make change in page2.aspx Lable by clicking on page1.aspx form button. I really...
7
by: learning | last post by:
Hi! Here's my situation: I created a temporary table TEMP1 in PAGE1.PHP and inserted a few rows. Before I left PAGE1.PHP i tried "SELECT * FROM TEMP1" and echoed the rows and surely there they...
1
by: chuuburg | last post by:
Hi, can anyone help me with this. I have 2 pages, Page 1 is the main page while Page 2 is a flash page. When i close Page 2, I would like page 1 to be refreshed/re-retrieve from database because i...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.