Im using sessions to be sure that in order for a person to get to page2.php?id=5 they must come from page1.php?id=5. It's working great. If you try to access page2.php?id=5 from a direct address or from another link it will deny you access. However, if user 5 is directed to page2.php?id=5 from page1.php?id=5, they can still type in id=6, id=7, etc. and be able to access all the other users pages if they have not closed their browser window. I know there must be a way to prevent this. Is the session not ending properly or something? (Im very new to sessions btw) Thank you for your help!
Rather than pass id as a query string to page2.php, you should store it in the session: page1.php session_start(); $_SESSION['id'] = $_GET['id']; PHP: page2.php: session_start(); $id = $_SESSION['id']; PHP: That way they get no choice about which page they are shown. Keep in mind that this is just example code which has to be merged with the code you already have for locking out people who don't come from page1.
Thats what I have been trying to do- store the users ID in the session but I cant figure it out. On page1.php, the user ID is saved as $id. So, I have been trying: session_start(); $_SESSION["$id"] = true; (I tried it with and without the "") Then on page2.php, I try: session_start(); if(!$_SESSION["$id"]) { die("You came from the wrong page!"); } The users ID on page2.php is the same as page1.php, so wherever the session is gathering the ID from shouldnt make a difference. If somebody would be willing to work with me on this to get it to work, Id be happy to send them $10 via PayPal. Like I said, the session is working when its given a specific name, but once they are directed to page2.php, they can modify the URL and access all the other users pages.
You are using the session hash improperly. Use page1.php: session_start(); $_SESSION['id'] = $_GET['id']; PHP: page2.php: session_start(); if (!isset ($_SESSION['id'])) { // the user is not logged in. Go to page1.php or wherever //... } else { $id = $_SESSION['id'] // Generate the page for the user with id = $id } PHP: It's not what you intend to use $_SESSION["$id"], don't do it! You don't have to send me $10 via paypal, just let me know if it worked for you.
I get "undexpected =" on page 1 and page 2 is wide open- can access from anywhere. Im going to remove what I put in and get it back to just two completely seperate pages and start over.
The code I posted will show you how to use sessions properly. If you remove all session-handling code from your files and add just that code at the top of each file, it may surprise you and work. Remember to clear your cookies to get rid of your existing session, or page2.php will appear to be wide open.
I removed everything and Im putting your code in from scratch. Ill see how it does. Thank you for helping me on this.
I inserted exactly what you posted above and it does the same thing that the static-named session was doing before. It refers properly but if you change id # in the URL without closing the browser window, you can go anywhere you want.
1. Don't pass the id in the URL to page2.php anymore 2. Make sure register_globals is set to "off" in your php.ini 3. Make sure page2.php does not pull $id from the $_GET array 4. If it's still not working, post your code