how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

**Tom Thackrey** · Jul 17 '05, 01:13 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

On 19-Nov-2003, "NotGiven" <noname@nonegiv en.net> wrote:
[color=blue]
> I have a web page where certain pages have to be opened in a certain order
> and should only be available when the user openes them in HTTPS.
>
> They are all forms and the form action sends you to the next https:// page
> but you can also take the S out of https:// and it opens also. That's
> what
> I need to avoid as well as making certain they got to a certain page FROM
> a
> certain page.
>
> When I try:
> if (isset($_SERVER['HTTPS']!='on'))
> it crashes and is not even listed on php.net as a valid variable.[/color]

Either hide something in a field on the page that you check in the next page
(if your hidden field isn't in the $_POST array you know the user didn't
come from that page) or use sessions.

--
Tom Thackrey

6072 Creative Light

https://www.creative-light.com

tom (at) creative (dash) light (dot) com
do NOT send email to jamesbutler@wil lglen.net (it's reserved for spammers)

**Eric Kincl** · Jul 17 '05, 01:13 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Tom Thackrey wrote:
[color=blue]
>
> On 19-Nov-2003, "NotGiven" <noname@nonegiv en.net> wrote:
>[color=green]
>> I have a web page where certain pages have to be opened in a certain
>> order and should only be available when the user openes them in HTTPS.
>>
>> They are all forms and the form action sends you to the next https://
>> page
>> but you can also take the S out of https:// and it opens also. That's
>> what
>> I need to avoid as well as making certain they got to a certain page FROM
>> a
>> certain page.
>>
>> When I try:
>> if (isset($_SERVER['HTTPS']!='on'))
>> it crashes and is not even listed on php.net as a valid variable.[/color]
>
> Either hide something in a field on the page that you check in the next
> page (if your hidden field isn't in the $_POST array you know the user
> didn't come from that page) or use sessions.
>[/color]
You could do it with sessions.

on the first page: (start the sessions and all that good stuff)
$_SESSION['pageone'] = true

on page two:
if($_SESSION['pageone'] == true){
$_SESSION['pagetwo'] = true;
pagetwostuff();
}
else{
echo "Please visit page one first!";
echo "<a href="pageone"> page one</a>";
}

continue if you have page 3, etc...
if($_SESSION['pageone'] == true && $_SESSION['pagetwo'] == true)

if you have lots of pages in sequence, you may want to figure out a way to
do this with an array instead of individual arrays. ie:
pages[0] == true; // visited page one
pages[1] == true; // visited page two
pages[2] == false; // didnt visit page three/on page 3 perhaps?
pages[3] == false; // didnt visit page four

Good Luck!

-Eric Kincl

**Thi Nguyen** · Jul 17 '05, 01:14 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

You could also look into the referer and see whether it came from
https://yourdomain.com/page1.php or not, etc etc

"Tom Thackrey" <use.signature@ nospam.com> wrote in message
news:vuOub.3266 5$Hl4.15862@new ssvr25.news.pro digy.com...[color=blue]
>
> On 19-Nov-2003, "NotGiven" <noname@nonegiv en.net> wrote:
>[color=green]
> > I have a web page where certain pages have to be opened in a certain[/color][/color]
order[color=blue][color=green]
> > and should only be available when the user openes them in HTTPS.
> >
> > They are all forms and the form action sends you to the next https://[/color][/color]
page[color=blue][color=green]
> > but you can also take the S out of https:// and it opens also. That's
> > what
> > I need to avoid as well as making certain they got to a certain page[/color][/color]
FROM[color=blue][color=green]
> > a
> > certain page.
> >
> > When I try:
> > if (isset($_SERVER['HTTPS']!='on'))
> > it crashes and is not even listed on php.net as a valid variable.[/color]
>
> Either hide something in a field on the page that you check in the next[/color]
page[color=blue]
> (if your hidden field isn't in the $_POST array you know the user didn't
> come from that page) or use sessions.
>
> --
> Tom Thackrey
> www.creative-light.com
> tom (at) creative (dash) light (dot) com
> do NOT send email to jamesbutler@wil lglen.net (it's reserved for spammers)[/color]

**FLEB** · Jul 17 '05, 01:14 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

On Wed, 19 Nov 2003 18:01:41 -0800, Thi Nguyen wrote:
[color=blue]
> You could also look into the referer and see whether it came from
> https://yourdomain.com/page1.php or not, etc etc
>
>
>
> "Tom Thackrey" <use.signature@ nospam.com> wrote in message
> news:vuOub.3266 5$Hl4.15862@new ssvr25.news.pro digy.com...[color=green]
>>
>> On 19-Nov-2003, "NotGiven" <noname@nonegiv en.net> wrote:
>>[color=darkred]
>>> I have a web page where certain pages have to be opened in a certain[/color][/color]
> order[color=green][color=darkred]
>>> and should only be available when the user openes them in HTTPS.
>>> (snip)[/color][/color][/color]

Watch that, though... referers are sent by the browser, and can be easily
faked or omitted.
--
-- Rudy Fleminger
-- sp@mmers.and.ev il.ones.will.bo w-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com

**Jonathan** · Jul 17 '05, 01:17 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

> They are all forms and the form action sends you to the next https:// page[color=blue]
> but you can also take the S out of https:// and it opens also. That's[/color]
what[color=blue]
> I need to avoid as well as making certain they got to a certain page FROM[/color]
a[color=blue]
> certain page.
>
> When I try:
> if (isset($_SERVER['HTTPS']!='on'))
> it crashes and is not even listed on php.net as a valid variable.[/color]

Try this instead:

if (isset($_SERVER['HTTPS'])!='on')

Bye,
Jonathan

**NotGiven** · Jul 17 '05, 01:17 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

That caused page failure. I can't find anything anywhere that talks about
HTTPS being a parameter in $_SERVER

Thanks.

"Jonathan" <jonathan@trico lon.com> wrote in message
news:3fbfc77e$0 $1494$e4fe514c@ news.xs4all.nl. ..[color=blue][color=green]
> > They are all forms and the form action sends you to the next https://[/color][/color]
page[color=blue][color=green]
> > but you can also take the S out of https:// and it opens also. That's[/color]
> what[color=green]
> > I need to avoid as well as making certain they got to a certain page[/color][/color]
FROM[color=blue]
> a[color=green]
> > certain page.
> >
> > When I try:
> > if (isset($_SERVER['HTTPS']!='on'))
> > it crashes and is not even listed on php.net as a valid variable.[/color]
>
> Try this instead:
>
> if (isset($_SERVER['HTTPS'])!='on')
>
> Bye,
> Jonathan
>
>[/color]

**Jonathan** · Jul 17 '05, 01:18 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

[color=blue]
> That caused page failure. I can't find anything anywhere that talks about
> HTTPS being a parameter in $_SERVER
>
> Thanks.
>[color=green]
> > if (isset($_SERVER['HTTPS'])!='on')[/color][/color]

Sorry, my mistake ;) If a var is not set then it will definately not contain
the value 'on'. So you can just use this:

if ($_SERVER['HTTPS']!='on')

Bye,
Jonathan

**Janwillem Borleffs** · Jul 17 '05, 01:18 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

"Jonathan" <jonathan@trico lon.com> schreef in bericht
news:3fc09484$0 $1505$e4fe514c@ news.xs4all.nl. ..[color=blue]
>
> Sorry, my mistake ;) If a var is not set then it will definately not[/color]
contain[color=blue]
> the value 'on'. So you can just use this:
>
> if ($_SERVER['HTTPS']!='on')
>[/color]

This line will throw a warning when the key doesn't exist with the proper
error reporting level. Therefore, it's saver, and also good practice, to use
isset to check if the variable has been set:

if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )

JW

**R. Rajesh Jeba Anbiah** · Jul 17 '05, 01:18 AM

Re: how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

"Janwillem Borleffs" <jw@jwscripts.c om> wrote in message news:<3fc0a241$ 0$202$1b62eedf@ news.euronet.nl >...[color=blue]
> "Jonathan" <jonathan@trico lon.com> schreef in bericht
> news:3fc09484$0 $1505$e4fe514c@ news.xs4all.nl. ..[color=green]
> >
> > Sorry, my mistake ;) If a var is not set then it will definately not[/color]
> contain[color=green]
> > the value 'on'. So you can just use this:
> >
> > if ($_SERVER['HTTPS']!='on')
> >[/color]
>
> This line will throw a warning when the key doesn't exist with the proper
> error reporting level. Therefore, it's saver, and also good practice, to use
> isset to check if the variable has been set:
>
> if ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!='on' )[/color]

AFAIK, 'on' is not guaranteed. So,
$is_https = (!empty($_SERVE R['HTTPS'])); is the correct check (IMHO)

---
"Dying is an art, like everything else"---Sylvia Plath
Email: rrjanbiah-at-Y!com

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

how can I ensure a PAGE2.php is opened only after viewing PAGE1.php AND is opened in HTTPS?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment