preventing direct access to a php page, only access if redirected

What if everytime you were going to redirect you saved a value in the $_SESSION variable. So you have

//code
$_SESSION['fromMain'] = "true";
header("Location: noaccess.php");

Then in noaccess.php put

if($_SESSION['fromMain'] == "false"){
   //send them back
   header("Location: foo.php");
}
else{
   //reset the variable
   $_SESSION['fromMain'] = "false";
}

I really don't know if this would work or not, but this is what I would try off the top of my head.


try this

if (!isset($_SERVER['HTTP_REFERER'])){

   echo "uh?"; }

else {

   // The script
 }  

I think you're probably coming at the problem from the wrong direction, but if you really want to implement this I'd most likely do it with a session variable. Just have main.php set a flag indicating that they're now able to access noaccess.php and then redirect there. noaccess.php checks for the flag, and only functions if it's been set.

Tags:

Php