
Page access / Preventing Non-linear action

Hey everyone,

I have a website where you can place an order to send a package to London. My pages are set up as parcels1.php, parcels2.php, etc. There are 7 steps to follow (address, package size, payment, etc.) when sending a parcel. How can I prevent someone from just typing in [url]www.mysite.com/parcels3.php[/url] to skip steps? Because Step 1 creates the Session ID, I need the user to move linearly from 1 through to 7.

How can I do this with PHP?

Thanks!
Karen

PHP

3 Comments(s)

@NogDog May 15.2008 — One way would be to have each page verify that it received a uniquely named form field from the preceding page in the $_POST data. If you are saving data in a session variable or the database as the sequence proceeds, you could also verify that certain requisite elements are there (then clear those items once the final page is successfully processed).
@TecBrat May 15.2008 — Since you are already using sessions, make each page set a session variable. Then check for all the previous variables on each new page. (Page 7 would look for the session variable for all 6 previous pages.) If it fails the test, direct them back to page 1. When I did something similar, I made hidden form fields to do the same thing. Not as secure as session vars, but it worked for that app.
@TJ111 May 15.2008 — Using POST data isn't the most secure method, as that's pretty easily bypassed. Since you're already using sessions, here's how I would do it, and it would only take a minute to set up.

step1.php
[code=php]
session_start(); // must run before $_SESSION is used
$_SESSION['step'] = 1; // step 1 has been reached in this session
//rest of script
[/code]


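step2.php
[code=php]
session_start();
// step 1 must have run first; a missing or lower value means a step was skipped
if (!isset($_SESSION['step']) || $_SESSION['step'] < 1) {
    header('Location: step1.php');
    exit; // header() alone does not stop the script
}
$_SESSION['step'] = max($_SESSION['step'], 2); // step 2 reached, keep later progress
//rinse and repeat for each step.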
[/code]
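The session-based approach suggested in the replies above, written as one shared include; this is an added example, not code posted by anyone in the thread. The file name `wizard_guard.php`, the function names and the `wizard_done` session key are assumptions; the `parcelsN.php` page names come from the question. A step is recorded as done only after its submitted data has been validated, so loading a page never advances the sequence.

```php
<?php
// wizard_guard.php (hypothetical shared include; added example, not from the thread)
declare(strict_types=1);

const WIZARD_STEPS = 7;             // the question describes 7 steps
const WIZARD_KEY   = 'wizard_done'; // assumed session key: highest step validated so far

// Highest step this session may open: one past the last validated step.
function highest_allowed_step(array $session): int
{
    $done = isset($session[WIZARD_KEY]) ? (int) $session[WIZARD_KEY] : 0;
    return min(max($done, 0) + 1, WIZARD_STEPS);
}

// Call at the top of parcelsN.php, before any output is sent.
function require_step(int $step): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $allowed = highest_allowed_step($_SESSION);
    if ($step < 1 || $step > $allowed) {
        // Send the visitor to the first step they have not finished yet.
        header('Location: parcels' . $allowed . '.php', true, 303);
        exit; // header() does not stop execution on its own
    }
}

// Call only after step N's submitted data has passed server-side validation.
function complete_step(int $step): void
{
    $done = isset($_SESSION[WIZARD_KEY]) ? (int) $_SESSION[WIZARD_KEY] : 0;
    if ($step === $done + 1) { // never jump ahead; revisiting an earlier step keeps progress
        $_SESSION[WIZARD_KEY] = $step;
    }
}

// Call after step 7 is processed so the finished sequence cannot be replayed.
function reset_wizard(): void
{
    unset($_SESSION[WIZARD_KEY]);
}
```

Each page would include this file and call `require_step()` with its own number first, then `complete_step()` once its form data validates. Because the progress value lives in the server-side session, editing the URL or the posted fields does not change which step is allowed.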