how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:

I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Either hide something in a field on the page that you check in the next page
(if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

Tom Thackrey wrote:

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:

I have a web page where certain pages have to be opened in a certain
order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https://
page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Either hide something in a field on the page that you check in the next
page (if your hidden field isn't in the $_POST array you know the user
didn't come from that page) or use sessions.

You could do it with sessions.

on the first page: (start the sessions and all that good stuff)
$_SESSION['pageone'] = true

on page two:
if($_SESSION['pageone'] == true){
$_SESSION['pagetwo'] = true;
pagetwostuff();
}
else{
echo "Please visit page one first!";
echo "<a href="pageone">page one</a>";
}

continue if you have page 3, etc...
if($_SESSION['pageone'] == true && $_SESSION['pagetwo'] == true)

if you have lots of pages in sequence, you may want to figure out a way to
do this with an array instead of individual arrays. ie:
pages[0] == true; // visited page one
pages[1] == true; // visited page two
pages[2] == false; // didnt visit page three/on page 3 perhaps?
pages[3] == false; // didnt visit page four

Good Luck!
-Eric Kincl

You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:

I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.
Either hide something in a field on the page that you check in the next

page (if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

On Wed, 19 Nov 2003 18:01:41 -0800, Thi Nguyen wrote:

You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:

I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.
(snip)

Watch that, though... referers are sent by the browser, and can be easily
faked or omitted.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com

> They are all forms and the form action sends you to the next https:// page

but you can also take the S out of https:// and it opens also. That's what I need to avoid as well as making certain they got to a certain page FROM a certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

"Jonathan" <jo******@tricolon.com> wrote in message
news:3f**********************@news.xs4all.nl...

They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's what

I need to avoid as well as making certain they got to a certain page

FROM a

certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

if (isset($_SERVER['HTTPS'])!='on')

Sorry, my mistake ;) If a var is not set then it will definately not contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

Bye,
Jonathan

"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not contain the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )
JW

"Janwillem Borleffs" <jw@jwscripts.com> wrote in message news:<3f*********************@news.euronet.nl>...

"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not

contain

the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )

AFAIK, 'on' is not guaranteed. So,
$is_https = (!empty($_SERVER['HTTPS'])); is the correct check (IMHO)

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com