/    Sign up×
Community /Pin to ProfileBookmark

Restrict access to page if form is not filled out.

Copy linkTweet thisAlerts:
Apr 20.2010

Hey everyone. I have this form where people can input environmental data about their lives and the resulting page produces the results from input. However, I want to restrict people from directly accessing the results page if the form is not filled out (since all the values will be zero).

I thought adding a “name” to the submit button of the form and adding this to the result page would do. But now, it prints this event when the button with the name=”submittedi” is clicked. Any ideas? Thanks in advance.

[CODE]
if (!isset($_POST[“submittedi”])) {
echo ‘You cannot access this page directly. Please visit the <a href=”calculator-i.php”>individual carbon footprint calculator</a> page first and input your data’;
exit;
}
[/CODE]

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@tirnaApr 20.2010 — [CODE]
if (!isset($_POST["submittedi"])) {
echo 'You cannot access this page directly. Please visit the <a href="calculator-i.php">individual carbon footprint calculator</a> page first and input your data';
exit;
}
[/CODE]

The above code doesn't secure your page at all from someone determined to access that page without filling out a form first.

All they have to do is look at your html to get the name of the submit button and then 'post' that name with [B]any value [/B]separately to the url you are trying to protect because you are only checking if $_POST["submittedi"] isset and not if it contains a specific value.
Copy linkTweet thisAlerts:
@optimus203authorApr 20.2010 — Yeah, there isn't any info that needs to be secured. No passwords, unsernames, personal info, or anything like that.

I just need a way to make sure that the form has been submitted before they can access this page. Maybe the code I wrote is not best for this idea. Any suggestions?
Copy linkTweet thisAlerts:
@tirnaApr 20.2010 — I would validate all the received form data in the results script to:

1) ensure it all exists

2) ensure each received parameter's value is valid

If 1) and 2) [B]both pass the validation[/B] then proceed with the script, otherwise redirect them back to the form.
×

Success!

Help @optimus203 spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.7,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...