allow visit a page if only came from a specific page

Question

My case:

1. articlesubmitted.php - read the last article information from a specific username from the database.
2. addarticle.php - add article to database.

I want to do articlesubmitted.php accept visits ONLY from addarticle.php and if is possible to be readed just 1 time by the user which he submitted the article.

I found something with REQUEST_URI but can't make to work.

How can I do that? it is possible to made from .htaccess?

Answer 1

Try using the following example with your present code:

HTML LINK (link_for_get_access.php)

<a href="get_access.php">GO HERE</a>

get_access.php

<?php

if (strstr($_SERVER['HTTP_REFERER'],"example.com/link_for_get_access.php"))

{

echo "<h1>You have access.</h1>";

}
else
{

echo "<h1>Sorry, you don't have access.</h1>";

}

?>

Answer 2

I'd recommend you use cookies to do this. For example with $_SESSION:

<?php
session_start();

// Do this at the top of every page
$_SESSION['last_page'] = isset($_SESSION['current_page']) ? $_SESSION['current_page'] : NULL;
$_SESSION['current_page'] = 'this_page.php';

if($_SESSION['last_page'] !== 'addarticle.php')
   throw new ...

...

Answer 3

Inside the http servers rewriting module you can evaluate the `HTTP_REFERRER' that usually is contained inside any http request if the user resolves a link (clicks on a link) to load a url. When the specified referrer does not match one that is allowed you can redirect the request to wherever you want to. Operating on that level is much faster than doing things inside php. Note that this typically also blocks any requests not triggered the usual way by clicking a link.

The second requirement, to limit the request to only a single attempt is very hard to implement on server level. It is much easier to control it inside the user session just as others here pointed out.