I was wondering if there is a way of only allowing access to an html webpage if it is called form another page.
For example. I have a page: hello.php. On this page, there is a button which would redirect you to bye.php.
However, currently, if someone types bye.php in the browser, they can access the page.
How do I make it so that bye.php can only be accessed if the button is pressed on hello.php and NOT by directly entering bye.php into the browser.
Thank you
You could have your code look at the CGI variable HTTP_REFERER and check that the domain held there is your domain (ie it's a page on your site), and reject the request if not.
It shows the page that was being viewed when the browser was directed towards your page.
Or if you want to be specific you could check it againast a list of pages whcih are allower to link to it.
Note that this isn't a secure feature; it's possible for hackers (who don't use web browsers) to fudge this and get around it, but for your agevrage user it'll work ok.
Using sessions:
The script that runs when a user presses the button in question:
<?php
session_start();
if($buttonWasPressed){
//Button was pressed, so create a session variable.
$_SESSION['button_pressed'] = true;
}
Then, at the top of bye.php, you can protect it like so:
<?php
session_start();
if(!isset($_SESSION['button_pressed'])){
//Session variable does not exist - Redirect user back to hello.php
header('Location: hello.php');
exit;
}