PDA

View Full Version : check previous page session?



BLiZZaRD
11-15-2007, 10:34 AM
Perhaps the title is misleading, and for that I apologize, I am sure whay I am after, I am not sure what it is called or how to describe it in a title.

I have a page (page1.html) and on this page is a username and password box in PHP.

You enter the username and password and it takes you to a new folder (folder1/page2.html)

Page2.html checks the password entered, and if correct allows you to see page2.html. If you try to go directly to page2.html through the addy bar you get redirected and told to go to page1.html to enter the password.

All of that works and is fine. Now the problem. (please note this is NOT a log in scripting thing, just a file/folder protection thing). in /folder1/ I have 6 pages (page2.html through page7.html. If you know the address to page4.html currently you can go directly to it. I want to prevent this.

(Note I can NOT use .htaccess for this ONLY php) What I would like to do is if a visitor goes to any page in /folder1/ it checks if they know the password from page1.html (or which ever password I require at that time) either in the form of a pop up asking them to verify or some other means. I thought about session variables, but If the visitor was on page1.html last week, has cleared their cache, I don't want them to have to go back to page1.html to get to page4.html.

Any help on this will be amazing. I am at wit's end trying to figure this out.

boogyman
11-15-2007, 01:43 PM
this isn't so much of a cache issue.

get / set a cookie to the user's computer. This is dependant upon what type of security the user grants access to, but unless you want to create a logon system (not what you want) than you would need to track the cookie.
I am not that sure about how cookie servers work on the server-side, but you may need to create a file with the acceptable cookie values ?

once the person enters page1.html see if there is a cookie present, if not set one, be best if its by some unique identifier to protect their security.
then on every page that you want to list as "folder pw protected" check for the cookie, if present display the page if not, give the error message or redirect to the initial page1.html

BLiZZaRD
11-15-2007, 05:23 PM
That could work and I thank you for the response. But if the user clears cookies then they have to start all over. With over 400 folders on the site... thats a lot of back tracking...

boogyman
11-15-2007, 06:20 PM
Yes, but unless you build a user login system thats the only way you would be able to store their information that I am aware of

to be persistant across browser sessions at least

BLiZZaRD
11-15-2007, 07:07 PM
Hmm.. okay. Thanks.