I have a PHP page on a website that I'd like to be accessible only from another page on that website.
If a user clicks a link to the page, or types the page's address, and does not come from the site's domain, I'd like the page to redirect the user to the index.
Any ideas?
Check 'Referer' field?
It's easily hackable, tho. The more reliable way is to check if the used had no active session (if your site assigns them to visitors).
Use the referer fo this:
if ($_SERVER['HTTP_REFERER'] != "...") {
header("LOCATION: othersite");
}
What you could do is use sessions.
make the index set a variable
$_SESSION['visitedIndex'] = TRUE;
and testing for it in the other pages:
if(!$_SESSION['visitedIndex']) {
header('location: ....');
}
make sure you do this before the first echo.
You could also create an internal service using a $hash = timestamp + internal secret key or your paricular rule.
First page has a link http://www.samesite.com/page_2.php?param=hash
Second page decodes the hash and check the timestamp against a given interval. Otherwise it refuses the display.
As only you know the internal key is impossible to fake.