Web Analytics Made Easy -
StatCounter Is it possible to only display PHP file if navigated to from only one page? - CodingForum

Announcement

Collapse
No announcement yet.

Is it possible to only display PHP file if navigated to from only one page?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is it possible to only display PHP file if navigated to from only one page?

    I always have a hard time getting what I want to say across in the titles!

    Anyway, I am working on a clients site, who is a photographer. The delimma we have is that he wants to allow visitors to the site to see his pricing lists and other forms; however, only after they fill out a form. There is a bit of competition here in that industry and he is afraid that competitors would simply get his price list and adjust their prices to undershoot him. I can understand that.

    Now, the issue is that he wants to make the lists semi-private and will not even tell users that they would get access to the lists if they fill in the contact form. It is presented as "Get more information" and as such most users who would want the lists would fill that form out.

    Anyway, I am using formmail.php (which is awesome by the way) and once the user completes the form, the confirmation page will give them links to download the pricing info.

    I know, his competitors could still get the info this way, but he is okay with that.

    So my question is this - the confirmation page is going to be public, but not indexed (by using robots.txt) and will probably have an obscure file name.

    However, I was wondering - is there a way with php to only display this page ONLY if the user got there by filling out the form and not by somehow getting there via direct link? I hope that makes sense.

    Mike

  • #2
    Is it possible to only display PHP file if navigated to from only one page?
    Yes.

    is there a way with php to only display this page ONLY if the user got there by filling out the form and not by somehow getting there via direct link? I hope that makes sense.
    Yup!

    How you ask? PHP's wonderful predefined variables come to the rescue!

    In a simple way, you can use the $_SERVER['HTTP_REFERER'] to check and see if the person in question has come from a specific page.

    HTTP_REFERER returns the web address of the website that referred you to the page you're currently on. If a user went directly to the page, they wouldn't have any luck. They've got to click on the link.

    So, for example:

    pricelist.php
    PHP Code:
    <?php

    if( $_SERVER['HTTP_REFERER'] == "http://mydomain.com/formmail.php" ){
         
    // The user was referred by the correct page, so you're good to go
         
    echo( "Thanks for not trying to cheat us!" );
         exit;
    }else{
         
    // The user did not come from the right page, so show an error
         
    echo( "Haha, nice try. Maybe next time?" );
         exit;
    }

    ?>
    Alternatively, you could use sessions or cookies. Due to the fact I'm on a diet, we'll go with sessions:

    formmail.php
    PHP Code:
    <?php

    // All your form mailer scripts here

    // After the mail is sent, set the session variable:

    // Declare your session start, you cannot do any session activities until you do
    session_start();
    $_SESSION['mailSent'] = TRUE;

    exit;

    ?>
    pricelist.php

    PHP Code:
    <?php

    session_start
    ();
    if( 
    $_SESSION['mailSent'] != TRUE ){
         
    //This means either the variable is false, or not set at all!
         
    echo( "Haha! Nice try, again! Oh well." );
         exit;
    }else{
         
    // Show your price list
         
    echo( "Thanks for coming here after your mail was sent" );
    }

    ?>
    I think these two options are your best bets. You can try messing around with session_ids, encrypted URLs, encrypted queries - but it sounds to me that since you're not looking for crazy security these will work well for you.

    If you're confused on sessions, or just unfamiliar with them, then check this tutorial out.

    Hope this helps!
    Last edited by ShaneC; Apr 7, 2009, 02:26 AM. Reason: Added a tutorial link
    Unless otherwise stated, any code posted is most likely untested and may contain syntax errors.

    Comment


    • #3
      Fantastic - and you are correct that I do not need crazy security on this. Now my only question is that instead of displaying a message - I want to display a page. Actually since I have already created a fully coded Thank-You page (which is what had these downloads on them) I would rather not integrate all the php tags and syntax into all the html. So what I would like to do is the following:

      User submits form - all entries are correct - user gets redirected from the formmail.php script to the Thank-You page.

      The TY page checks to see if they were referred from the correct and ONLY place(formmail.php). If not - redirect to mean message

      If they have come from the right place - then display the page. Is this possible to do without having to echo all the HTML elements within the TY page?

      Would this require an intermediate redirection php file? This is not a problem, but I do not want to have extra server activity if I do not have to.

      Thanks again for the help. I am long time HTML developer, but just recently got into PHP (and I love it!)

      Mike

      Comment


      • #4
        Also, as far as the sessions - it makes sense as to how it works. However, I am not sure how to implement it into my site. Here is what I think I should do - please correct me if I am wrong.

        Would the session_start go in my formmail.php file, or would it go into my contact page? Where would I assign the variable? Would I assign it onSubmit? Or would I assign it in the formmail.php?

        And then the question remains, how can I use it in the Thank-You page to only display it if the session variable is set?

        Mike

        Comment


        • #5
          Mike,

          First things first, just so you know the messages I put in there were just to illustrate what happened in that particular if/else instance. You can take the messages out, change them, or turn them into a giraffe - if you so wish.

          Since you're interested in sessions, lets pursue that option. The function session_start(); must be called on every page you intend to use sessions. session_start(); is essentially telling the server: "Hey, get that session information you're holding on to for me 'cause we're gonna be using it on this page!"

          For the sake of clarity I recommend you put your price list in a separate file, with an obscure file name, on your server. You will then use the PHP function require(); to include it on your page. It would also be beneficial if you had your error text in a separate page.

          So, in line with that, let's create our pages with the HTML. I'm going to call the price list page "obscurePriceListFile.tpl" and the error message "priceListErrorMessage.tpl." Notice how I'm using the .tpl extension - this is just my own personal naming convention as PHP will include any of those pages as PHP/HTML. If you wanted you could call the page "priceList.zebra."

          obscurePriceListFile.tpl
          Code:
          <html>
          <head>
               <title>My Price List</title>
          </head>
          <body>
               Price 1 - $10.00
               Price 2 - $20.00
               Price 3 - 100 Billion Dollars
          </body>
          </html>
          priceListErrorMessage.tpl
          Code:
          <html>
          <head>
               <title>Error!</title>
          </head>
          <body>
               Error! You are attempting to access this page without prior authorization. As a result your request has been blocked. Sorry!
          </body>
          </html>
          We'll assume these files are in the same web-directory as the formmail.php and thankyou.php.

          We can then create formmail.php.

          formmail.php
          PHP Code:

          // Up until this point you have all your form mail settings. At the end of all this, right before you redirect to your thank you page, you include your code:

          session_start();
          $_SESSION['mailSent'] = TRUE;

          // After the session is set, redirect to your thank you page
          header'location: thankyou.php' );
          exit;

          ?> 
          Once on your thank you page, you will have to once again call the session (telling the computer we're dealing with sessions) and then check to see if the user submitted mail. If they did, include the price list. If not, show the error:

          thankyou.php
          PHP Code:
          <?php

          // You can have all your thank you page stuff here. Then, when you're ready to show the price list, include this code:

          session_start();
          if( 
          $_SESSION['mailSent'] == TRUE ){
               
          // Require will include the HTML or PHP of the file you specify. This path is relative (ie currently this is in the same directory. If I had /templates/filename.tpl it would then go to the root of the web directory, go into the templates folder, and then include filename.tpl
               
          require( 'obscurePriceListFile.tpl' );
               exit;
          }else{
               require( 
          'priceListErrorMessage.tpl' );
               exit;
          }

          ?>
          And you're done! If I used any functions here you don't recognize just look them up on PHP.net.

          Unclear about the relative paths? Check this tutorial out.

          Still need clarification? Just let me know!

          Hope this helps
          Last edited by ShaneC; Apr 7, 2009, 10:18 PM.
          Unless otherwise stated, any code posted is most likely untested and may contain syntax errors.

          Comment


          • #6
            Fantastic! I understand every bit of this. However, the only thing that I am unsure of is where to actually put this code in my formmail.php. I am actually using a formmail.php file that works really well, but that I did not write - from tectite.com. It has A LOT of code and I am not sure where to put this. Formmail.php is actually called from my contact form page. In fact you can kinda check out the source here: alpineonline.com/html/contact.php.

            So, are you saying to add the code in the formmail php form processor, or at the end of the form itself (on contact.php)?

            Also, I have my price list as a download among other downloads on the Thank You page, but I think that is what you are referring to here. If you can tell me where to add the session code then I could play with the rest of it. If it helps, here is sort of a pseudo-process of what goes on.

            The major players:
            contact.php (houses the form itself, with JQuery validation)

            formmail.php (we get here as a result of the form action - this does all the work of processing the form, cheking for errors, updating database, sending emails, etc. - again this is implemented from another author - I have only changed variables for configuration but nothing else)

            thank-you.php (where they get if formmail completes successfully - this has HTML at the top thanking the user - then has a list of documents that are linked and can be clicked on and downloaded.)

            formerror.php (user gets here if there is an error with their form submission). I have created this page and know it works, but I have not been able to get to it unless I navigate correctly. The client side validation is pretty good and there is pretty much no way they can pass error filled information through formmail.php.

            Finally, I have formmail.php display and naughty message if they try to access it directly.

            Hope that helps some. Thanks.

            Mike

            Comment

            Working...
            X