|
Posted by Jerry Stuckle on June 2, 2008, 3:14 pm
Please log in for more thread options
Sudhakar wrote:
> i have a registration page called register.php if the data entered is
> validated correctly i call a file called thankyou.php or else
> validate.php
>
> presently a user after seeing the url website.com/thankyou.php if they
> enter the url directly in the browser as website.com/thankyou.php they
> can access the file, if a user accesses the file this way i would like
> to redirect to a page saying "Direct acess to this file is not
> allowed"
>
> previously i used sessions in register.php and also in thakyou.php and
> validate.php and it worked fine for some reason now it is not working
> the way it is supposed to i might have made some changes which i do
> not know
>
> previously my code in register.php was, the first few lines of
> register.php file
> =====================================================================
> <?php
> ob_start();
> session_start();
> if(!session_is_registered("directaccess"))
> {
> session_register("directaccess");
> }
> // rest of the html and php code
> ob_end_flush();
> ?>
> =====================================================================
> code in thankyou.php, the first few lines of register.php file
> =====================================================================
> <?php
> session_start();
> if(!session_is_registered("directaccess"))
> {
> header("Location: http://website.com/directaccess.html");
> exit;
> }
> // rest of the html and php code
> ob_end_flush();
> ?>
> =====================================================================
> NOTE = in thankyou.php i display a thank you message by retrieving the
> first name from register page and displaying in thankyou.php using
> session variables in the following way
>
> in register.php, the first few lines of register.php file
> =====================================================================
> if(!session_is_registered("firstname"))
> {
> session_register("firstname ");
> }
> $_SESSION[firstname] = $ firstname;
> =====================================================================
>
> in thankyou.php, the first few lines of register.php file
> =====================================================================
> if(session_is_registered("firstname "))
> {
> echo $_SESSION[firstname];
> session_unregister("firstname ");
> }
> =====================================================================
>
> please advice how i should rewrite the php code in both the
> files(register.php and thankyou.php) so that if a user enters the url
> directly in the browser i can redirect to directaccess.html file
>
> thanks.
Several comments.
First of all, don't use ob_start() and ob_end_flush(). They aren't
needed and can hide problems. Rather, just don't send anything (even
whitespace) before calling session_start().
Also, session_register() and session_is_registered() are deprecated (and
depend on register_globals being set in your php.ini, which is a big
no-no. Rather, use the $_SESSION variable. Something like:
=====================================================================
<?php
session_start();
// When you want to set 'directaccess' in the session, use:
$_SESSION['directaccess'] = (some value here)
?>
=====================================================================
code in thankyou.php, the first few lines of register.php file
=====================================================================
<?php
session_start();
if (!isset($_SESSION['directaccess')) {
header("Location: http://website.com/directaccess.html");
exit;
}
// rest of the html and php code
?>
=====================================================================
NOTE = in thankyou.php i display a thank you message by retrieving the
first name from register page and displaying in thankyou.php using
session variables in the following way
in register.php, the first few lines of register.php file
=====================================================================
$_SESSION[firstname] = $firstname;
// The rest isn't needed
=====================================================================
in thankyou.php, the first few lines of register.php file
=====================================================================
if(isset($_SESSION['firstname'))
{
echo $_SESSION[firstname];
}
// Also, you had a space after "firstname " here - which is incorrect
=====================================================================
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| 
XML Sitemap