Member Avatar for DaveyMoyes

Hi Everyone, I am looking to protect a webpage in my website. What I would like to do is check if the webpage has been accessed from a pre determined url.

For example:
Mywebsite.com/webpage.php should only be accessed from predetermined.com/url?id=var

I have been doing some digging around and found the following.

$url = 'http://'. $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

But I am lost with how to check if the url and var is correct. What I am trying to do is stop users going directly to
Mywebsite.com/webpage.php and only allow users to access the webpage from predetermined.com/url?id=var

Hope that makes sence,
Cheers

Edited by Dani because: Fixed formatting
  • 2 Contributors
  • 3 Replies
  • 227 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 3 Replies

Member Avatar for diafol

headers can be spoofed so $_SERVER variables aren't foolproof. Using a hash in the url based on a session could prove helpful

predetermined.com/url?id=var&conf=hash

Member Avatar for DaveyMoyes

Hi, how would i check if the url is from predetermined.com/url?id=var&conf=hash

Member Avatar for diafol

Oh drat. I misread the question - sorry. I assumed it was something else. Too many late nights! Do you own the predetermined site or have any access to the url that is created? i.e. could you change the querystring to suit your needs?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.