Redirect / return in PHP

Question

Redirect / return in PHP

I have a site running in PHP and I have a page (say confirm.php)

And I just want to allow users who land on confirm.php from the page I specified (e.g. register.php), can I know if this can be achieved?

Regards, Andy.

+3

redirect php

cherhan Jun 07 '11 at 14:18

source share

5 answers

HTTP - , .

- PHP, , .

register.php

<?php
session_start();

// some other code

$_SESSION['stateKey'] = sha1(time() . mt_rand()); // save a randomly created key

header('Location: confirm.php?key=' . $_SESSION['stateKey']);
?>

confirm.php

<?php
session_start();

if($_SESSION['stateKey'] == $_GET['key']){
    // pass, do things here
}

?>

+1

mauris 07 . '11 14:24

: $_SERVER['HTTP_REFERER'] header ...

0

metaforce 07 . '11 14:20

$_SERVER ['HTTP_REFERREF'] script, script

0

zim32 07 . '11 14:20

$_SERVER['HTTP_REFERER']

Additional information: here

0

Arda Jun 07 '11 at 14:21

source share

alexn · Accepted Answer · 2011-06-07T14:21:48+0000

You cannot rely on HTTP REFERER because users can manipulate it and browsers may refuse to send it.

The only “safe” way would be to set the session variable to register.php and check if this variable is set to confirm.php. Something like that:

register.php:

session_start();
$_SESSION['valid_user'] = true;

confirm.php:

session_start();
if(!isset($_SESSION['valid_user'])) {
    die("You did not come from the page i specified!");
}

, register.php, register.php.

HTTP , . , , . ?

Redirect / return in PHP

register.php

confirm.php

More articles: