Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

restrict page access to one referring page

0 views
Skip to first unread message

tomrue

unread,
Jun 30, 2008, 2:57:00 PM6/30/08
to
I'm looking for a way to prevent access to a web page except from a
particular referring page.

What I am trying to do is prevent access to a download page for anyone
who has not successfully completed an online quiz.

Any ideas on how to this in php (using Drupal) would be most
appreciated.

Thanks.

Tom

Geoff Berrow

unread,
Jun 30, 2008, 3:46:39 PM6/30/08
to
Message-ID:
<71c7012d-449e-4344...@d45g2000hsc.googlegroups.com> from
tomrue contained the following:

>What I am trying to do is prevent access to a download page for anyone
>who has not successfully completed an online quiz.
>
>Any ideas on how to this in php (using Drupal) would be most
>appreciated.

Sessions or cookies.

--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011

tomrue

unread,
Jun 30, 2008, 3:58:50 PM6/30/08
to
Using Drupal 6.x, I believe either sessions or cookies would work, but
I am not sure.


On Jun 30, 3:46 pm, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
> Message-ID:
> <71c7012d-449e-4344-9a85-8ba035064...@d45g2000hsc.googlegroups.com> from

Geoff Berrow

unread,
Jun 30, 2008, 6:33:22 PM6/30/08
to
Message-ID:
<b2a9b6d4-c8f1-4174...@y38g2000hsy.googlegroups.com> from
tomrue contained the following:

>Using Drupal 6.x, I believe either sessions or cookies would work, but
>I am not sure.

So..ummm..try it?
--
Regards,

Geoff Berrow

tomrue

unread,
Jun 30, 2008, 8:15:55 PM6/30/08
to
That's a very helpful suggestion. The problem, for me, unfortunately,
is that I don't know how to do it. Hence my question.

Thanks.

Tom


On Jun 30, 6:33 pm, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
> Message-ID:

> <b2a9b6d4-c8f1-4174-b1f0-2ce886a90...@y38g2000hsy.googlegroups.com> from

netstreamer

unread,
Jun 30, 2008, 8:23:51 PM6/30/08
to
On Jun 30, 6:33 pm, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
> Message-ID:
> <b2a9b6d4-c8f1-4174-b1f0-2ce886a90...@y38g2000hsy.googlegroups.com> from

> tomrue contained the following:
>
> >Using Drupal 6.x, I believe either sessions or cookies would work, but
> >I am not sure.
>
> So..ummm..try it?
> --
> Regards,
>
> Geoff Berrow

You could definitely use a session variable to keep track of where
you're coming from. The other way of doing this is to use hidden html
fields with known values, one per page. Have a function which checks
what the value of the hidden field is and knocks you out of the page
if you didn't come from the correct previous page.

Jerry Stuckle

unread,
Jun 30, 2008, 8:43:57 PM6/30/08
to
tomrue wrote:
> On Jun 30, 6:33 pm, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
>> Message-ID:
>> <b2a9b6d4-c8f1-4174-b1f0-2ce886a90...@y38g2000hsy.googlegroups.com> from
>> tomrue contained the following:
>>
>>> Using Drupal 6.x, I believe either sessions or cookies would work, but
>>> I am not sure.
>> So..ummm..try it?
>> --
>> Regards,
>>
>> Geoff Berrow
>
>
> That's a very helpful suggestion. The problem, for me, unfortunately,
> is that I don't know how to do it. Hence my question.
>
> Thanks.
>
> Tom
>
>

(Top posting fixed)

Yes, a session variable is the way to go. A cookie would be second, IMHO.

Both ways can be implemented in Drupal. For more help on how to do it
in Drupal, check the Drupal user forums. I've found them to be very helpful

And please don't top post.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================

FutureShock

unread,
Jun 30, 2008, 8:49:03 PM6/30/08
to
I am not familiar at all with Dupral or what it even is but here is the
basic for PHP.

1. On the Quiz page start a session

<?php
session_start();

(This had to be the first thing sent on the page before ANY output, even
a space or header)

2. On the Quiz page set your session variable

$_SESSION['authenticated'] = 'yes';

(Now where you set this variable is up to you. Set it at the top and you
will just know if the person has been to the page, if you want to make
sure they have done something particular on the page you will have to
add it to that process when they are done)

3. On the second page check for the session variable
<?php
session_start(); (before any output remember)
if($_SESSION['authenticated'] != 'yes') {
*** redirect code ***
}

This is super simplicated but will work is the basic of ways.

This will also work with cookies, but if the cookie you are comparing it
to is the same for anyone, it would be easy to spoof the cookie process
and get in anyhow.

Good luck.

Scotty

Geoff Berrow

unread,
Jul 1, 2008, 3:11:49 AM7/1/08
to
Message-ID:
<d13ffd7f-9315-46ee...@i76g2000hsf.googlegroups.com> from
tomrue contained the following:

>That's a very helpful suggestion. The problem, for me, unfortunately,


>is that I don't know how to do it. Hence my question.

I wasn't being deliberately unhelpful. There are plenty of PHP tutorials
around which will show you how to use sessions or cookies. Se my own
examples for cookies below.

I suggested cookies because I thought it would be simpler for you to
decide when they expire.

For cookies
http://www.ckdog.co.uk/phpcourse/Lesson6/remember.php

Code
http://www.ckdog.co.uk/phpcourse/Lesson6/remember.phps
http://www.ckdog.co.uk/phpcourse/Lesson6/remember2.phps

--
Regards,

Geoff Berrow

the_mighty_...@hotmail.com

unread,
Jul 2, 2008, 2:58:24 PM7/2/08
to
On Jul 1, 8:11 am, Geoff Berrow <blthe...@ckdog.co.uk> wrote:
> Message-ID:
> <d13ffd7f-9315-46ee-97dc-96067c246...@i76g2000hsf.googlegroups.com> from

> tomrue contained the following:
>
> >That's a very helpful suggestion. The problem, for me, unfortunately,
> >is that I don't know how to do it. Hence my question.
>
> I wasn't being deliberately unhelpful. There are plenty of PHP tutorials
> around which will show you how to use sessions or cookies. Se my own
> examples for cookies below.
>
> I suggested cookies because I thought it would be simpler for you to
> decide when they expire.
>
> For cookieshttp://www.ckdog.co.uk/phpcourse/Lesson6/remember.php
>
> Codehttp://www.ckdog.co.uk/phpcourse/Lesson6/remember.phpshttp://www.ckdog.co.uk/phpcourse/Lesson6/remember2.phps
>
> --
> Regards,
>
> Geoff Berrow

My suggestion as an alternative would be to have a regular expression
at the top of your download page that checks the page refferal. I'd
call the page .inc.php and include it when it should be displayed. The
regular expression would test for the .inc.php in the request for the
page and reject it if its found. That would mean someone is trying to
view it directly by opening the page (eg download.inc.php) rather than
from the point you want to view it.

It does mean that you would need another place from which to use an
include() on the download page. So on the submission of the last page
of the quiz, the php handler for the form (i'm assuming there is a
form involved in your quiz pages) would simply have
include("download.inc.php"); as the only action to perform.

Sorry if this isn't clear, a session/cookie variable to track the quiz
status is far simpler if your quiz isn't setup in a compatible way.

Regular expression (Not very PHP5 way of doing it I know you could use
a different server array)

if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) ||
eregi(".inc.php",$_SERVER['PHP_SELF'])) {
echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r
\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is
forbidden.\r\n</body>\r\n</html>";
exit;
}

This will only allow the file to be included and not directly viewed.
Clear as mud :-)

Regards,
John

0 new messages