I have a website running in PHP and I have a page (say confirm.php)

Question

0

Asked: May 23, 20262026-05-23T01:43:52+00:00 2026-05-23T01:43:52+00:00

I have a website running in PHP and I have a page (say confirm.php)

0

I have a website running in PHP and I have a page (say confirm.php)

And I only want to allow the users who land to confirm.php comes from a page that I specified (e.g. say register.php), may I know is it possible to achieve this?

Regards,
Andy.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T01:43:53+00:00

You can not rely on the HTTP REFERER because users can manipulate it and browsers can refuse to send it.

The only “secure” way would be to set a session variable on register.php and check if that variable is set on confirm.php. Something like this:

register.php:

session_start();
$_SESSION['valid_user'] = true;

confirm.php:

session_start();
if(!isset($_SESSION['valid_user'])) {
    die("You did not come from the page i specified!");
}

However, this will not take into account if the latest page was register.php, BUT that the user have been on register.php.

Because HTTP is stateless, you need to keep track of this at the server level. If you don’t have a authenticated user for which you can track all pageviews, this is going to be very hard to implement. How secure do you really need it to be?

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a website running in PHP and I have a page (say confirm.php)

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply