How to Prevent a User from Directly Accessing My HTML Page by Writing Url

How to block direct access to html page

You can define a variable like window.parentPage = true; in the index.html file.

In the products.html page make a check like so:

    if (!window.parentPage)
    {
        window.location.href = "YOUR REDIRECTION PAGE";
    }

Prevent direct access to a webpage by typing the URL

So your login screen should already have session code implemented into it that has a variable that specifies if the user is logged in or not. If you don't have that implemented yet, the code would look similar to:

    <?php
    session_start(); // at the very top of the page

    // ... your own code
    // if the user successfully logs in then:
    $_SESSION['authenticated'] = true;
    ?>

Then on the booking.php page (it should be PHP to allow PHP scripts, which is super important for validating if a user is logged in), you would then check if the user did log in. If he did, the rest of the page loads; if he didn't, you would redirect them to login.php:

At the very top of booking.php:

    <?php
    session_start();
    if (!isset($_SESSION['authenticated']))
    {
        // if the value was not set, you redirect the user to your login page
        header('Location: https://www.example.com/login.php');
        exit;
    }
    else
    {
        // if the user did login, then you load the page normally
    }

How to prevent a user from directly accessing my html page

It's apparent to me that you only want to use Python, no frameworks etc... So the problem is that you are actually redirecting to an existing web HTML page. Don't do that, instead serve the HTML with Python itself.

    # pages.py
    class DefaultPage(object):
        def __init__(self):
            self.html = '''
            All Your HTML Here
            '''

        def display(self):
            # Return the HTML so the handler can write it to the response
            return self.html

Obviously you're using something to serve your Python, I'm assuming something simple like Google App Engine Launcher, in which case you can just write the class. Even if you're using some other simple WSGI, the concept remains the same.

    # main.py
    import webapp2
    from pages import DefaultPage

    class MainHandler(webapp2.RequestHandler):
        def get(self):
            page = DefaultPage()
            self.response.write(page.display())

    app = webapp2.WSGIApplication([
        ('/', MainHandler)
    ], debug=True)
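
The same approach as a framework-free WSGI app, extended with a server-side session check so the HTML is only sent to a logged-in user. This is an added example, not code from the answer above; the /products and /login paths, the SECRET placeholder, the cookie format and the request() helper are assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"placeholder-secret"  # assumption: load a random key from config in practice
PROTECTED_HTML = b"<h1>All Your HTML Here</h1>"

def mac_for(username):
    """Hex HMAC-SHA256 of the username under the server-side secret."""
    return hmac.new(SECRET, username.encode(), hashlib.sha256).hexdigest()

def sign(username):
    """Cookie value 'username.mac'; a real /login handler would set it after checking credentials."""
    return f"{username}.{mac_for(username)}"

def verify(token):
    """Return the username if the MAC matches, else None (tampered or missing)."""
    username, _, mac = token.rpartition(".")
    if not username:
        return None
    ok = hmac.compare_digest(mac.encode(), mac_for(username).encode())
    return username if ok else None

def current_user(environ):
    """Read the 'session' cookie from the WSGI environ and validate it."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("session")
    return verify(morsel.value) if morsel else None

def app(environ, start_response):
    if environ.get("PATH_INFO") != "/products":
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    if current_user(environ) is None:
        # Not logged in: the HTML never leaves the server, whatever URL is typed.
        start_response("302 Found", [("Location", "/login")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [PROTECTED_HTML]

def request(path, cookie=""):
    """Call the app in-process (no network) and return (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(app({"PATH_INFO": path, "HTTP_COOKIE": cookie}, start_response))
    return seen["status"], seen["headers"], body
```

Because the check runs before the response body is chosen, a request without a valid cookie receives only the redirect, and a cookie with a guessed MAC is treated the same as no cookie.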

Prevent users from directly accessing url and redirect to login if not logged in Flask

You can use your own custom decorator, like in the Flask-Login module.
Something similar to this:

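    from functools import wraps
    from flask import redirect, session

    def login_required(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            # Redirect to the login page unless both session keys are present
            if session.get('username') is None or session.get('if_logged') is None:
                return redirect('/login', code=302)
            return f(*args, **kwargs)
        return decorated_function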

Then use it like this in a route which requires login:

    @app.route('/', methods=['GET', 'POST'])
    @login_required
    def home():
        # blah_blah: your view logic goes here
        return 'home'

What this does is, whenever you call url '/', it calls decorated_function() present inside the login_required() wrapper. So put your login logic inside decorated_function(). Check if the user is logged in using the session cookie (or whatever method you want); if not logged in, redirect to login, else don't return anything.

Regarding that session.get() error, did you import session from module flask? The syntax seems correct.

Preventing direct access to my HTML page

First of all, you need to convert your HTML page to PHP. Then you can set a session variable in your contact us page, and when the mail is successfully sent to the user, you can check for this session variable's value to decide whether to redirect the user or not.

Suppose this is your contact us page.

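    <?php
    session_start(); // required before $_SESSION can be used

    // code for sending mail
    $mailSent = false; // set this to true when the mail is sent successfully
    if ($mailSent)
    {
        $_SESSION["redirect_to_success"] = true;
    }
    ?>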

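This can be the code on the success page:

    <?php
    session_start(); // required before $_SESSION can be used
    if (!isset($_SESSION["redirect_to_success"]))
    {
        header("Location: contactus.php");
        exit; // stop here so the rest of the success page is not sent
    }
    else
    {
        unset($_SESSION["redirect_to_success"]);
    }
    ?>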

Here unsetting the session variable allows the user to redirect to the success page only when the mail is sent successfully. Once he/she is redirected to the success page the session variable will be unset. And also using Boolean values allows less consumption of memory.


