By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,745 Members | 1,957 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,745 IT Pros & Developers. It's quick & easy.

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

P: n/a
I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.

Many thanks
Jul 17 '05 #1
Share this Question
Share on Google+
9 Replies


P: n/a

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order
and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Either hide something in a field on the page that you check in the next page
(if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)
Jul 17 '05 #2

P: n/a
Tom Thackrey wrote:

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain
order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https://
page
but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM
a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Either hide something in a field on the page that you check in the next
page (if your hidden field isn't in the $_POST array you know the user
didn't come from that page) or use sessions.

You could do it with sessions.

on the first page: (start the sessions and all that good stuff)
$_SESSION['pageone'] = true

on page two:
if($_SESSION['pageone'] == true){
$_SESSION['pagetwo'] = true;
pagetwostuff();
}
else{
echo "Please visit page one first!";
echo "<a href="pageone">page one</a>";
}

continue if you have page 3, etc...
if($_SESSION['pageone'] == true && $_SESSION['pagetwo'] == true)

if you have lots of pages in sequence, you may want to figure out a way to
do this with an array instead of individual arrays. ie:
pages[0] == true; // visited page one
pages[1] == true; // visited page two
pages[2] == false; // didnt visit page three/on page 3 perhaps?
pages[3] == false; // didnt visit page four

Good Luck!
-Eric Kincl
Jul 17 '05 #3

P: n/a
You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.

They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's
what
I need to avoid as well as making certain they got to a certain page FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.
Either hide something in a field on the page that you check in the next

page (if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)

Jul 17 '05 #4

P: n/a
On Wed, 19 Nov 2003 18:01:41 -0800, Thi Nguyen wrote:
You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <us***********@nospam.com> wrote in message
news:vu*******************@newssvr25.news.prodigy. com...

On 19-Nov-2003, "NotGiven" <no****@nonegiven.net> wrote:
I have a web page where certain pages have to be opened in a certain order and should only be available when the user openes them in HTTPS.
(snip)


Watch that, though... referers are sent by the browser, and can be easily
faked or omitted.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Jul 17 '05 #5

P: n/a
> They are all forms and the form action sends you to the next https:// page
but you can also take the S out of https:// and it opens also. That's what I need to avoid as well as making certain they got to a certain page FROM a certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan
Jul 17 '05 #6

P: n/a
That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

"Jonathan" <jo******@tricolon.com> wrote in message
news:3f**********************@news.xs4all.nl...
They are all forms and the form action sends you to the next https:// page but you can also take the S out of https:// and it opens also. That's what
I need to avoid as well as making certain they got to a certain page

FROM a
certain page.

When I try:
if (isset($_SERVER['HTTPS']!='on'))
it crashes and is not even listed on php.net as a valid variable.


Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

Jul 17 '05 #7

P: n/a
That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.
if (isset($_SERVER['HTTPS'])!='on')


Sorry, my mistake ;) If a var is not set then it will definately not contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

Bye,
Jonathan
Jul 17 '05 #8

P: n/a

"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not contain the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')


This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )
JW

Jul 17 '05 #9

P: n/a
"Janwillem Borleffs" <jw@jwscripts.com> wrote in message news:<3f*********************@news.euronet.nl>...
"Jonathan" <jo******@tricolon.com> schreef in bericht
news:3f**********************@news.xs4all.nl...

Sorry, my mistake ;) If a var is not set then it will definately not

contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')


This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )


AFAIK, 'on' is not guaranteed. So,
$is_https = (!empty($_SERVER['HTTPS'])); is the correct check (IMHO)

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com
Jul 17 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.