[TheCase]

Hi,

I have a Page B that should only be access through Page A as it deleted the user with the id next to it, if you access Page B now you cant do anything as there is no id but if you replace the id of the user you can delete the user. Page A is password protected but I need some kind of code to see if you have come from page A and not gone to page B directly

Thanks

[Trevor]

You can try 2 things.

First, try checking against the $_SERVER['HTTP_REFERER'] . If the value returned equals page A, let page b continue to opperate.

The second solution may be to use a session variable on page a, and check for it on page b. If it is not set, send the person back to page a.

I know these are just references... but I hope it helps.

[job0107]

If I were you and I wanted to password protect a delete function, I would
store the username and password in a couple of tables in an MySQL database

Create a table named "id_table" with two fields:
field name "id" as primary
field name "user"
In the user field store the username and
in the id field store a unique id.

Create a table named "pass_table with two fields:
field name "id" as primary
field name "pass"
In the id field store the same unique id as in the id_table
and in the pass field store the password.

and do something like this:

Page_a.php

PHP Code:

<?php
session_start();
function error_message1()
{
 echo "<div style='width:383px;color:#ff0000;font-size:22;text-align:center;border:6px ridge #00ccff;padding:10px;padding-bottom:15px;background:#f0eeee;'>You have entered an incorrect username or password, please try again.</div>";
 }
function error_message2()
{
 echo "<div style='width:383px;color:#ff0000;font-size:22;text-align:center;border:6px ridge #00ccff;padding:10px;padding-bottom:15px;background:#f0eeee;'>You must enter your username and password, please try again.</div>";
 }
$user = isset($_POST["user"]) ? $_POST["user"] : "";
$pass = isset($_POST["pass"]) ? $_POST["pass"] : "";
if($user && $pass)
{
 $conn=mysql_connect("host","username","password");
 mysql_select_db("dbname");
 if($result = mysql_query("select id from id_table where user = '".$user."'"))
 {
  while($row = mysql_fetch_array($result))
  {
   $id = isset($row["id"]) ? $row["id"] : "";

   }
  if($id)
  {
   if($result = mysql_query("select pass from pass_table where id = '".$id."'"))
   {
    while($row = mysql_fetch_array($result))
    {
     $pass1 = isset($row["pass"]) ? $row["pass"] : "";
     if($pass1 == $pass)
     {
      include "code.php";
      $_SESSION["logged_in"] = $session_code;
      header("Location: http://www.example.com/page_b.php");
      }
     else
     {
      error_message1();
      }
     }
    }
   else
   {
    error_message1();
    }
   }
  }
 else
 {
  error_message1();
  }
 }
if(isset($_POST["submit1"]) && !$user && !$pass){error_message2();}
?>
<html>
<head>
<style>
.delete
{
 width:383px;
 border:6px ridge #00ccff;
 padding:20px;
 background:#aabbcc;
 color:#0000ff;
 }
.center
{
 text-align:center;
 }
.formatting1
{
 font-size:26px;
 font-weight:bold;
 }
.formatting2
{
 font-size:18px;
 font-weight:bold;
 color:#aa5500;
 }
.span1
{
 width:280px;
 text-align:right;
 font-size:18px;
 font-weight:bold;
 color:#008855;
 }
</style>
</head>
<body>
<div class="delete">
<form name="theForm" action="#" method="POST">
<div class="center formatting1">To delete user, enter username & password.</div>
<p>
<span class="span1">UserName : <input type="text" name="user"></span>
<p>
<span class="span1">Password : <input type="password" name="pass"></span>
<p><br />
<div class="center"><input class="formatting2" type="submit" name="submit1" value="Submit"></div>
</form>
</div>
</body>
</html>

And on page_b.php I would do something like this:

PHP Code:

<?php
session_start();
include "code.php";
if(isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == $session_code)
{
 // Rest of program here.
 }
else
{
 header("Location: http://www.example.com/page_a.php");
 }
?>

And code.php: Note, it would be more secure if you stored this value in your database.

PHP Code:

<?php
$session_code = "a135B6c396";
?>

[job0107]

Correction to page_a.php

Sorry I left out one else statement and one last check.

page_a.php

PHP Code:

<?php
session_start();
function error_message1()
{
 echo "<div style='width:383px;color:#ff0000;font-size:22;text-align:center;border:6px ridge #00ccff;padding:10px;padding-bottom:15px;background:#f0eeee;'>You have entered an incorrect username or password, please try again.</div>";
 }
function error_message2()
{
 echo "<div style='width:383px;color:#ff0000;font-size:22;text-align:center;border:6px ridge #00ccff;padding:10px;padding-bottom:15px;background:#f0eeee;'>You must enter your username and password, please try again.</div>";
 }
$user = isset($_POST["user"]) ? $_POST["user"] : "";
$pass = isset($_POST["pass"]) ? $_POST["pass"] : "";
if($user && $pass)
{
 $conn=mysql_connect("host","username","password");
 mysql_select_db("dbname");
 if($result = mysql_query("select id from id_table where user = '".$user."'"))
 {
  while($row = mysql_fetch_array($result))
  {
   $id = isset($row["id"]) ? $row["id"] : "";
   }
  if($id)
  {
   if($result = mysql_query("select pass from pass_table where id = '".$id."'"))
   {
    while($row = mysql_fetch_array($result))
    {
     $pass1 = isset($row["pass"]) ? $row["pass"] : "";
     if($pass1 == $pass)
     {
      include "code.php";
      $_SESSION["logged_in"] = $session_code;
      header("Location: http://www.example.com/page_b.php");
      }
     else
     {
      error_message1();
      }
     }
    }
   else
   {
    error_message1();
    }
   }
  else
  {
   error_message1();
   }
  }
 else
 {
  error_message1();
  }
 }
if(isset($_POST["submit1"]) && ($user && !$pass || !$user && $pass)){error_message1();}
if(isset($_POST["submit1"]) && !$user && !$pass){error_message2();}
?>
<html>
<head>
<style>
.delete
{
 width:383px;
 border:6px ridge #00ccff;
 padding:20px;
 background:#aabbcc;
 color:#0000ff;
 }
.center
{
 text-align:center;
 }
.formatting1
{
 font-size:26px;
 font-weight:bold;
 }
.formatting2
{
 font-size:18px;
 font-weight:bold;
 color:#aa5500;
 }
.span1
{
 width:280px;
 text-align:right;
 font-size:18px;
 font-weight:bold;
 color:#008855;
 }
</style>
</head>
<body>
<div class="delete">
<form name="theForm" action="#" method="POST">
<div class="center formatting1">To delete user, enter username & password.</div>
<p>
<span class="span1">UserName : <input type="text" name="user"></span>
<p>
<span class="span1">Password : <input type="password" name="pass"></span>
<p><br />
<div class="center"><input class="formatting2" type="submit" name="submit1" value="Submit"></div>
</form>
</div>
</body>
</html>

[TheCase]

page_a.php works thanks, but page_b.php does not I have done this

PHP Code:

// Start the session

session_start();



// Define $session_code

$session_code = "ghr57g834f";



if(isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == $session_code)

{



////////

/////Rest of the page code here

///////



}

else

{

 header("Location: /page_a.php");

 } 

When I visit page_b.php directly I see the page, it should direct me to page_a.php but it doesnt any ideas?

Thanks

[TheCase]

I fixed this the session was still open when tried in a different browser and when session_close(); was done it worked. Thanks alot

[TheCase]

I have a problem I need some kind of logout script when i do page_b.php i can view it without it redirecting me to page_a.php why is it because the session is still remember so I need to close it some how?

I done this

PHP Code:

session_start();  



unset($_SESSION['logged_in']);



echo "logged out"; 

Then I go and view page_b.php and it redirects me to page_a.php with an error

Notice: A session had already been started - ignoring session_start() on page_a.php

So it all would work if I get rid of the error

Thanks

[job0107]

Try adding one more line to page_b.php:

page_b.php

PHP Code:

<?php
session_start(); 
$session_code = "ghr57g834f"; 
if(isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == $session_code) 
{ 
 $_SESSION["logged_in"] = "";
 //////// 
 /////Rest of the page code here 
 /////// 
 } 
else 
{ 
 header("Location: /page_a.php"); 
 }
?>

[TheCase]

Ok I am getting closer now, it is logging me out and everything so when I log out and go to page_b it echo's a message "You need to log in " then bellow that i include the page_a.php but that error message is in the way if that was gone it would work. Tryed what you suggested just added more erriors

Quote:

You need to enter the password
Notice: A session had already been started - ignoring session_start() in page_a
Followed underneath by page_a.php

Thanks

[job0107]

I need to see your code. But somewhere you have session_start(); twice
when you only need it once.