Basically, When a user signs up (register.php) succesfully.. I store all the data in database and direct them to step.php using
header("location: step.php");
Where they fill other different info which is then stored in the database.
So, a user must access the register.php page before accessing the step.php page.
How do I stop access to the step.php page by limiting its access to only those that just completed the register.php form.
PS - I am building a step by step registration process and is this even the best way out. Or what other ways can I do this?
Use Sessions, set a session if the user did gone through register php (set it bevor you redirect the user). If step.php is called, check for that session.
<?
//register.php Line 1
session_start();
//At the End
$_SESSION['doneRegister'] = true;
header("location: step.php");
?>
<?
//step.php Line 1
session_start();
if (!isset($_SESSION['doneRegister'])){
// Session not set
header("location: register.php");
}
?>
On register page: define('VAR', true);
On top of step page: if (!defined('VAR')) header('location:index.php');