-1
<?php
if(isset($_SESSION['id'])==null){


    header("Location: login.html");
}
?>
<script>
$(function(){
$(document).on("click", ".button", function(e) {
e.preventDefault();
{       
//This will capture all the inputs from the form
var infom = $("#myform").serialize();
        //$("#showresult").addClass('loader');                
        $.ajax({            
            beforeSend: function() { },         
            type: "POST",
            url: "login.php",
            data:infom,          
            success: function(result){      
            //$("#showresult").removeClass('loader');
            $('#showresult').html(result);
            }
        });     
        e.preventDefault(); 
}
}); 
});
</script>

in the login.php file i placed that but it does nothing the user is still able to put in login.php within the browser navigation and still get to it. I want to stop them from doing so. I want that file to only call when i try to login on the login html page. Above is the ajax code used to display error message if any from php. when i combine it with the if post or http reffer, it redirects to a blank page with continuous loading.

Shanna Chambers
  • 53
  • 7
  • `if(isset($_SESSION['id'])==null){` that by the way, is giving you a false positive. You need to split those up in two different conditionals. Hard to say also if you even started the session everywhere. – Funk Forty Niner Aug 21 '16 at 20:35
  • You can't stop it. – Barmar Aug 21 '16 at 20:35
  • Yes i did start the session. – Shanna Chambers Aug 21 '16 at 20:43
  • I'm assuming you're sending the form post data to login.php. Simply check if $_POST has not been set. if it hasn't redirect to login.html otherwise process if(!isset($_POST)){ redirect } – Brian Aug 21 '16 at 20:43
  • someone posted an answer now, ask them. I gave you an indication as to why your present code is failing you, being the first part of my comment. We also don't know what the rest of your pages look like and if you're using the same (wrong/invalid) syntax. – Funk Forty Niner Aug 21 '16 at 20:47

2 Answers2

0

you can check with this 

if($_SERVER['HTTP_REFERER']=="complete URL/login.html")

the url must be like http://www.example.com/login.html

and if you are submitting a form from login you must check $_POST .

Masoud Haghbin
  • 863
  • 7
  • 13
  • 1
    `$_SERVER['HTTP_REFERER']` is not dependable. Here, read for yourself http://stackoverflow.com/a/6023980/1415724 – Funk Forty Niner Aug 21 '16 at 20:45
  • Getting this error" Notice: Undefined index: HTTP_REFERER in" . I did it like this if($_SERVER['HTTP_REFERER']=="{http://localhost}/login.php"){ header("Location: login.html"); } – Shanna Chambers Aug 21 '16 at 20:49
  • @ShannaChambers it doesnt need to be { } i edited my answer ! – Masoud Haghbin Aug 21 '16 at 20:52
  • if($_SERVER['HTTP_REFERER']!="http://localhost/login.php") { header("Location: login.html"); } – Masoud Haghbin Aug 21 '16 at 20:54
  • 1
    *"tell me what i am doing wrong"* - @ShannaChambers [*I told you what you were doing wrong, from the beginning...*](http://stackoverflow.com/questions/39068596/prevent-users-from-accessing-the-login-php-process-file-within-browser-nav-bar#comment65485386_39068596). I take it you want me to post the actual syntax for it. PHP.net contains examples on how to use conditional statements. – Funk Forty Niner Aug 21 '16 at 20:54
  • @Masoud Haghbin Its working now but when i try to log in it takes me to a blank page and not the page i intended. – Shanna Chambers Aug 21 '16 at 21:00
0

login.php

// check if form has been submitted
IF (!isset($_POST)) { 
    Header('Location: login.html');
    die();

}

It would be wiser to use form tokens instead.

Brian
  • 1,035
  • 7
  • 14
  • i wonder if its because i am using ajax to submit the form so i can get error message on the same page. It works but when i try to submit the form it gives me a blank page and wont redirect to the desired page. – Shanna Chambers Aug 21 '16 at 21:12
  • Those are details we need to know. Please update your question. – Brian Aug 21 '16 at 21:23