| View previous topic :: View next topic |
| Author |
Message |
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
 Posted: Fri Jan 09, 2009 7:12 pm Must come from (Page name) |
 |
|
|
Hey, i need a code that will tell the user that they need to come from a page and then redirect them to that page before they see any of the data inside, is there by any chance someone that could point me in the rite direction or give me the code?
Thanx in advance
~curtranhome |
|
kanenas
Joined: 14 Dec 2004
Posts: 341
|
| Posted: Thu Jan 15, 2009 12:46 am |
|
|
|
Why is it so important that a visitor come from a specific page? If a user bookmarks a page, do they have to go to the required page when opening the bookmark? Make sure your implementation doesn't break links from external websites.
There are various possibilities to check that a visitor came from a page, but nothing foolproof.
- check the Referer [sic] header, but this is often blocked by users out of privacy concerns.
- set a cookie on the required page. Check for the cookie on other pages. Cookies are at least as likely to be blocked as the Referer header.
- have the required page set a field in the query portion of the URL for all links and forms. Other pages propagate the field.
If you server side language supports sessions, you can use that rather than explicitly using options 2 and 3 (under the hood, sessions are implemented using cookies or the query string).
Once your server app has determined that a visitor hasn't been to the required page, use redirection.
How you accomplish the above depends on your server platform. If you want specific information, you should always post your development and server environment. You can read this and other tips in "How To Ask Questions The Smart Way". |
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Tue Jan 20, 2009 7:39 pm RE: |
|
|
|
i'm making password protected pages and my host (freewebs) does not support php or anything other than javascript, html, dhtml, etc. so i need javascript that can check if a user came from the login page so that the don't see any of the members only area of the page(s). and i'm a newbie in javascript, so i can't make the code right now, other wise i would. so if you can help me out, so i can learn what i need to do for this kind of thing, that would be very helpful.
Thank you ahead of time. |
|
kanenas
Joined: 14 Dec 2004
Posts: 341
|
| Posted: Sat Jan 24, 2009 7:41 pm Better approach: use HTTP authentication |
|
|
|
| curtranhome wrote: |
| i'm making password protected pages and my host (freewebs) does not support php or anything other than javascript, html, dhtml, etc. so i need javascript that can check if a user came from the login page |
Pardon my bluntness, but that's a terrible idea, for the following reasons:
- Easy to circumvent by disabling javascript.
- Even with javascript enabled, a visitor still gets the page content before being redirected. This means you haven't actually protected the members-only pages.
- As stated in my first post, there's no reliable way to ensure that someone visited a specific page.
- The design is tied to a specific login page. This introduces maintenance problems should you ever change the URL of the login page. Compartmentalize as much as you can; this is a part of separating concerns.
Remember, anything handled client side is controlled client side and thus can be perverted. Authentication should be done server side. No exceptions.
If your host doesn't support server-side scripting, use HTTP authentication, either basic or digest. Check your host's documentation on how to do this. Under Apache, it involves creating an .htaccess file and a user database to hold the passwords, but the specifics will vary from site to site. For instance, if your site uses cPanel, it can manage authentication for directories. IIS requires its own method to configure authentication. There are also a number of threads on this very site about .htaccess; search for "htaccess" or "htpasswd" to find them.
Alternatively, find a host that does support server side scripting.
I also recommend learning about website usability. Here are some sites devoted to usability (found via google search):
|
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Sat Jan 24, 2009 9:02 pm RE: |
|
|
|
Ok thank you for the heads up, but as i read and finished your post. i came up with the idea of redirecting them to a page that will then check the required information and, if correct,will automatically redirect them to the members-only page and have that page require the 2nd redirection page. Is this anyway possible? sorry for extending my question beyond what it originally was supposed to be.
Thank you,
curtranhome |
|
kanenas
Joined: 14 Dec 2004
Posts: 341
|
| Posted: Sun Jan 25, 2009 8:31 pm That's a bad plan. |
|
|
|
| Sounds just as unreliable and insecure as your first approach, and I don't see any benefits. As I said before, you must use a reliable authentication scheme, which will require either server side scripting or HTTP authentication. |
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Mon Feb 02, 2009 1:19 pm |
|
|
|
| ok, then do you have any coding suggestions that I can use other than php, asp, cgi, etc? |
|
kanenas
Joined: 14 Dec 2004
Posts: 341
|
| Posted: Wed Feb 04, 2009 5:54 pm Re: Better approach: use HTTP authentication |
|
|
|
As I said before,
| kanenas wrote: |
If your host doesn't support server-side scripting, use HTTP authentication, either basic or digest. Check your host's documentation on how to do this. Under Apache, it involves creating an .htaccess file and a user database to hold the passwords, but the specifics will vary from site to site. For instance, if your site uses cPanel, it can manage authentication for directories. IIS requires its own method to configure authentication. There are also a number of threads on this very site about .htaccess; search for "htaccess" or "htpasswd" to find them.
|
|
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Wed Feb 04, 2009 7:59 pm RE: |
|
|
|
| ok thank you |
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Thu Feb 12, 2009 1:01 pm RE: |
|
|
|
| OK, I just checked with my web server company (webs) and they say that they do not support .htaccess to non-paying members such as myself. So is there by any chance that i can use anything else? |
|
kanenas
Joined: 14 Dec 2004
Posts: 341
|
| Posted: Fri Feb 13, 2009 5:24 pm Get a different host |
|
|
|
| If your host doesn't support scripting or server configuration for free accounts, your best bet is to get a different host rather than trying to put something together that will barely work & work poorly on your current host. You can find reviews of free hosts & lists of features online (eg a google search turned up Free-Webhosts.com). |
|
PayneLess Designs
Joined: 28 Feb 2007
Posts: 4289
Location: MS
|
| Posted: Fri Feb 13, 2009 5:44 pm |
|
|
|
There is one way to set up a password protected page and that is to let a trusted service do the PHP processing for you and just use their code.
Restrict access to selected website pages.
You can sign-up for a free account to access all the neat web tools and widgets.
Ron |
|
curtranhome
Joined: 04 Jun 2008
Posts: 77
|
| Posted: Sat Feb 14, 2009 6:40 pm RE: |
|
|
|
| Ok thank you |
|
PayneLess Designs
Joined: 28 Feb 2007
Posts: 4289
Location: MS
|
| Posted: Sat Feb 14, 2009 6:49 pm |
|
|
|
| You're welcome. I've them before when I first started out and had a free site that did not allow PHP or any other scripting language. |
|
|
HTML Help Forum
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
