Anti-URL code not exactly perfect yet...

[djr33]

hmm... can't you just check the $_SERVER[HTTP_REFERER and be done with it?

[BLiZZaRD]

Well, that is the reason for the thread.. I don't understand that stuff.. the $_SERVER blah blah blah..

I have tried reading about them on php.net and there is a lot of good information, but I have no idea what it is talking about.

Every time I tried something that sounded like it would be it, the code broke..

I have no idea

[djr33]

Well, from what I understand, the referer is the page from which you clicked a link.
I'd guess it would equate to an empty string if you manually typed the address.
Therefore, we can assume that a simple if statement would check that.
if ($_SERVER[HTTP_REFERER] != "http://blah") { die("You can't be here!!!"); }

[blm126]

$_SERVER['HTTP_REFERER'] is unreliable as many "security" software packages strip or fake it when sending the HTTP headers. If you could post exactly what you to happen I will be able to help more.

[djr33]

Ah, but they couldn't fake what you want.
But the security packages would hide it, so people wouldn't get in if they should?
Interesting.
I'd just use a session.

Store the sessions in a database. Check that the IP matches the session ID, or something is wrong.
Next, at the top of each page, give the session variable "location" a value representing the current page, like "red".
After that, just check on the next page if that session variable (and the session id/IP address) are valid.
The only other thing is to make sure you randomize the session ids, so they can't come back later with a matching IP/ID and use that link.
Should be easy. Theoretically.

[BLiZZaRD]

I am trying to piece this together in my spare time (which isn't a lot right now) But here is exactly what I want:

A visitor will come to the site.

They will go to the registration page and make a username and password. Using this information they will be signed into the forum (I believe I will be running phpbb2) and taken to their own personal page.

They then click begin, and are taken to that first page. Once they enter an answer in any box I would like them to be taken to another random page (there will be 100 in total)

Meanwhile, I would like to prevent any and all direct URL access, and even better, preventing the passwords etc from showing up in the URL. This of course is secondary if the SQL can make the next page viewed completely random.

I would need the SQL to also keep track of which pages they have visited as well as which answers they have input correctly. (out of the 4 per page)

This way they can be taken to the same page 50 times if needed, but never again after inputing the 4 correct answers.

Does any of this make sense? I know what I mean, LOL

The problem with sessions is that getting all answers correct could take months, and I don't want them to have to start over every time they clear their cache.

[djr33]

Ah.
Hmm... perhaps rethink the design a bit so it's somewhat easier.
Interesting.
I'll let you know if I have any thoughts.
Since you're already using usernames/passwords, you could just do it that way.
Additionally, you could use php to generate a random page, and just have the index (or whatever) show that random page... so it would ALWAYS be random... and you could direct link, but that would be random.
Add a user/pass check, and that should be close.

[BLiZZaRD]

Yeah I thought of that too, but I thought MySQL might help with the storage and tracking.

The idea is well played out in my head, but by the time it makes it to my fingers and out into a post it loses some of it's gloss and understanding.

I will work on writing out a full detailed idea with exactly everything that I want to accomplish. I know ALL of it is possible, I have seen it, just not all together, LOL

Thanks for looking, I will try to make a more coherant post in a few minutes when work dies down.