Is there a way to make a page (e.g. base-name/admin/cars) inaccessible when writing it on the address bar? I need to make it accessible only by clicking on a link somewhere in the site. Is this possible? I do not know what to try and have searched for this for a while but found nothing.
You can check the http referrer and if is empty, don't display the page or redirect them. See the following two Stackoverflow pages:
How to check the referrer: Checking the referrer
When will the referrer be empty: In what cases will HTTP_REFERER be empty
It can be possible in many ways, the way you think, like
As Someone has typed into url.com/this-page , you don't want this page to gets opened untill and unless the user is not logged in. The thing you can do is, at the top of the page, you just need to check the session value. If session is set then its fine, or else it should be redirected to home page.
Example this-page.php let's say in CI I have made a common helper file which will check on all respective pages for session.
function isUser()
{
$CI = & get_instance();
if (isset($CI->session->userdata['User']))
{
//logged in your stuffs.
}
else
{
//redirect('login-page');
}
}
By sending time and unique id parameter in link by encoding them. By Opening to that link the unique id will gets decoded and untill and unless it won't get open.
let's say the possible link can be
url.com/this-page/123456abcdef
What you need to do on this page is that, you need to check the id on given URL Link and decode it. If encoded and decoded gets correct value, the page is valid. Make sure that id should be saved anywhere so that you can track and decode it.
$unique_id = base64_decode($id);
if($unique_id!=''&& $time!='')
{
$cur_time = time();
if ($cur_time - $time < 10800)
{
//valid link
}
else
{
//link has been expired
}
}
else
{
// link has been broken.
}
I would do something like this:
document.getElementById('yourLinkId').onclick = function(e){
// ajax should be here to send simple parameter - we'll call it granted:'yes'
// upon success - location = 'theRestrictedPage.php'; - yup just like that
e.preventDefault();
}
Now your PHP in page you want to restrict
<?php
session_start();
if(!isset($_POST['granted']) || $_POST['granted'] !== 'yes'){
header('LOCATION:thePageAboveTheLinkWasOn.php'); die;
}
// if it passes condition page is accessible
/* if you want to force a click to happen again
unset($_SESSION['granted']);
*/
?>