I have made an e-commerce website where, after placing an order, I redirect users to a success page with the order number. If the order number doesn't exist, then the id is passed instead. But there is a problem: when neither the order number nor the order id exists, the success page still shows some previously placed orders if the URL is pasted directly. E.g. www.mywebsite.com/order/success/5000: here 5000 doesn't exist, so it should redirect me to the 404 error page.
MY_controller
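    // Use the order number if one exists, otherwise fall back to "<order_id>/id".
    $order_num = $this->order_model->getOrderNum($order_id);
    if(empty($order_num)){
        $order_num = $order_id.'/id';
    }
    $redirect_url = 'order/success/'.$order_num.'/';
    ?>
    <script>
    function redirect_success(url) {
        location.assign(url);
    }
    // json_encode emits a correctly quoted and escaped JavaScript string literal.
    var success = <?= json_encode($redirect_url) ?>;
    redirect_success(success);
    </script>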
My_Model
    public function getOrderNum($order_id = ''){
        // Bind the id as a query parameter instead of interpolating it into the SQL string.
        $sql = "SELECT order_num FROM order_table";
        $sql .= " WHERE order_id = ?";
        $query = $this->db->query($sql, array($order_id));
        if($query->num_rows() > 0){
            $row = $query->row_array();
            return $row['order_num'];
        }
        // No matching order: return false instead of indexing into a non-array.
        return false;
    }
One way is to check in the order/success controller whether the page referer is coming from the order/place page.
So in order/success, if the http_referer header is not set or is not from order/place, redirect to 404.
Add in the order/success controller:
    // strpos() returns false (never -1) when the substring is not found.
    if( !isset($_SERVER['HTTP_REFERER']) || strpos($_SERVER['HTTP_REFERER'], "order/place") === false ) {
        $this->load->helper('url');
        redirect('/page404');
    }
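
A server-side check of the order itself, as an added example that is not part of either post: the success handler looks the order up by the URL segment and answers 404 when nothing matches, which does not depend on a client-supplied header such as Referer. The in-memory SQLite schema, the `user_id` column, the sample rows and the function names are assumptions made for the illustration.

```php
<?php
// Added example: constructed schema and data. The user_id column and the
// logged-in user id are assumptions, not taken from the original posts.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE order_table (order_id INTEGER PRIMARY KEY, order_num TEXT, user_id INTEGER)');
$pdo->exec("INSERT INTO order_table VALUES (101, 'ORD-2024-0001', 7), (102, NULL, 7), (103, 'ORD-2024-0002', 8)");

/**
 * Resolve the segment of order/success/<order_num>/ or order/success/<order_id>/id
 * to an order owned by $userId. Returns the row, or null when the caller must answer 404.
 */
function findOrderForSuccessPage(PDO $pdo, string $segment, bool $isId, int $userId): ?array
{
    if ($isId && !ctype_digit($segment)) {
        return null; // the ".../id" form must carry a numeric id
    }
    // The column name comes from a fixed choice, never from user input.
    $column = $isId ? 'order_id' : 'order_num';
    $stmt = $pdo->prepare(
        "SELECT order_id, order_num FROM order_table WHERE $column = ? AND user_id = ? LIMIT 1"
    );
    $stmt->execute([$segment, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** HTTP status the success page should send for this request. */
function successPageStatus(PDO $pdo, string $segment, bool $isId, int $userId): int
{
    return findOrderForSuccessPage($pdo, $segment, $isId, $userId) === null ? 404 : 200;
}

// Constructed requests, all made by logged-in user 7.
$requests = [
    'own order, by order number'    => ['ORD-2024-0001', false],
    'own order, by id fallback'     => ['102', true],
    'order that does not exist'     => ['5000', false],
    'order owned by another user'   => ['ORD-2024-0002', false],
];
foreach ($requests as $label => [$segment, $isId]) {
    echo $label, ': ', successPageStatus($pdo, $segment, $isId, 7), PHP_EOL;
}
```

In a CodeIgniter controller, the null result is the point at which `show_404()` would be called before any view is loaded.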