php - HTTP_REFERER woes: How can I allow access to a specific page, only when a visitor has visited another specific page beforehand? -


php newbie here, struggling crazy head around how go implementing http_referer-based security feature woefully inept downloads system.

basically, have file download pages have specific string appended end of url, specific string being:

?thanks

if visible in url, users able download file situated on it. works great, it's easy 'unlock' page adding '?thanks' part onto url themselves. allowing users bypass clumsy security , access premium files ease.

if possible, i'd add security measure whereby attempting access page containing string '?thanks' did not arrive page containing '?pending' redirected homepage. make perfect solution me.

just clarity, typical pre-download process goes this:

  • user visits download page: [website]/download/page/123/
  • user completes recaptcha, gets redirected here: [website]/download/page/123/?pending
  • user fills in details, gets redirected here: [website]/download/page/123/?thanks
  • user receives file

long-winded, yes, more ideal unusual requirements. know users can around first appending '?pending' url , appending '?thanks' afterwards, still really, no end.

so, stackoverflow, can of wizened , kindly coders fledgling web designer out? thank , help. cheers guys.

edit: oh, , here's 1 failed method last attempted bombed horribly, in case helps further illustrate goal:

if (('http://'.$_server['http_host'].$_server['request_uri'] == wp_get_shortlink().'?thanks') && (isset($_server['http_referer']) && preg_match("/".preg_quote('?pending',"/")."/i",$_server['http_referer']))) {     echo 'hurrah!'; } else {     echo 'oh dear.'; }

if depends on information in request itself, there's no way enforce you're trying do. referer arbitrary request header.

what need actual server side state. open session user, give process he's going through random unique id carried across each page in process , save progress , messages displayed next in session.


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh...
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions ...
Read more