php prevent direct access to an url which does not points a folder [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 8 years ago.

I am using .htaccess and user friendly links. my domain.com/contact redirects the page to domain.com/contact-verify after form submission. If page verifies user submitted data then redirects the page to domain.com/thank-you-for-email. If verification fails then redirects the page to domain.com/contact again with errors shown. (Post - Redirect - Session Variables flow)

How can I prevent direct access to domain.com/contact-verify and domain.com/thank-you-for-email.

I searched .htaccess usage but could only find protecting specific files protection. Also I read some info on google that $_SERVER["HTTP_REFERER"] is not reliable?

as a note, I already have Options All -Indexes in my .htaccess.

Can you please describe winner methodology?

Answer 1

Track the progress of a user using sessions or cookies. Then for the pages that you want to restrict access to, add code to check user progress and redirect (or show access denied message, whatever you want to do) if user has not reached the required progress point.

if (!isset($_SESSION['progress']) || $_SESSION['progress'] != 2) {
    header('Location: /contact');
    exit;
}