How to lock out other web pages
I have an exam application where for the user to create an exam they have to go through these pages:
Now what I am worried about is that the user can complete some of these pages but then either abandon creating the exam by leaving out the other pages, or start creating an exam, going through some of the pages above, but then be able to either go back to a previous page or previous pages, or skip pages by entering the URLs of other pages which are coming up ahead.
So my question is: is there a way I can stop the user skipping ahead pages or going back to previous pages? In other words, they have to follow the exact steps of going through the five pages above in the exact order to create the exam.
For example, if the user is on the QandATable.php page, they cannot go back to the create_session.php page and they cannot skip ahead to the other pages until QandATable.php has been successfully submitted. In other words, lock out the other pages except the current page. Once the user has accessed the complete.php page, the exam is completed and create_session.php can be removed from the lockout, as that is the first page.
If the user abandons a page such as individualmarks.php, and the user goes straight back to the individualmarks.php page, then that is fine, but if they try to access another page, I am thinking of sending a prompt box or something similar stating:
You already have an exam currently in creation, to continue with creating the current exam click on this link (link to current page user is on)
If you want to create a new exam then please click on this link (link to the create_session.php page).
I know what I am asking is not very simple but I don't want the user to mess up creating the exam unless they follow each step (each page) in the correct order so it doesn't mess with any data. Does anyone have a simple sample on how this could be achieved?
I am working with IE, Chrome, Safari, Firefox and Opera.
Thanks
UPDATE:
<?php
session_start();
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="stepsStyle.css">
<title>Follow Steps</title>
<script type="text/javascript">
//if user selects "Create New Assessment" Link, then use jquery/ajax below
//code below will access removesession.php where it will remove exam details which will be overwritten
$(function() {
var link = $("#createLink");
link.click(function() {
$.ajax({
url: "removesession.php",
async: false,
type: "POST",
success: function() {
window.location.href = link.attr("href");
}
});
//cancels the link's true action of navigation
return false;
});
});
</script>
</head>
<body>
<?php
$steps = array('create_session.php', 'QandATable.php', 'individualmarks.php', 'penalty.php', 'complete.php');
$latestStep = $_SESSION['latestStep'];
// Track $latestStep in either a session variable or the DB and retrieve accordingly
// $currentStep will be dependent upon the page you're on
$currentIdx = array_search($currentStep, $steps);
$latestIdx = array_search($latestStep, $steps);
if ($currentIdx - $latestIdx > 1 ) {
?>
<!-- set up a div box to display a message on whether the user should continue or not -->
<div class="boxed">
You already have an exam currently in creation, to continue with creating the current exam click on this link: <br/><a href="">Continue with Current Assessment</a>
<br/>
If you want to create a new exam then please click on this link: <br/><a href="create_session.php" id="createLink">Create New Assessment</a>
</div>
<?php
} else {
// let the user do the step
}
?>
Got a couple of questions regarding the code above:
$currentStep variable equal to?
I'd track the last completed state in a variable, and the workflow in a list. On each page, check if the last completed state is greater than or equal to whatever the previous required steps are. This is assuming that your workflow is completely linear. Something like this:
$steps = array('create', 'table', 'marks', 'penalty', 'complete');
// Track $latestStep in either a session variable or the DB and retrieve accordingly
// $currentStep will be dependent upon the page you're on
$currentIdx = array_search($currentStep, $steps);
$latestIdx = array_search($latestStep, $steps);
if ($currentIdx - $latestIdx > 1 ) {
// show error message
} else {
// let the user do the step
}
Edit: Answering questions:
What should $currentStep variable equal to?
This should equal the page you're on and match a value in $steps; looks like it should be the filename of the current page.
How do I link to its current page if user wants to continue with current exam?
It sounds as if you're asking how to redirect to the correct step if the user is on the page. The next step should be $steps[$latestIdx + 1], e.g. the step after the latest step.
Should I leave the else statement empty to let the user do the step?
The else statement should contain all the code you want the user to execute. Alternatively, if you're externalizing this, you should probably use return values, and return 1 if they can do the step, 0 if they can not. Then on each page, you'd call this function, and depending on the return value, either show the page, or show the error.
Security through obscurity is indeed a naive scheme: you should always assume that your URLs are public. Here you require a wizard-like interface, which in turn is a finite-state machine. Assuming your system already has users, you need to find a workflow engine (or a FSM implementation, or develop a simple one yourself) and track the user submissions inside every flow.
At the beginning of each and every page you must validate the user's position, i.e. you must say if the user in the current state can access the requested resource. If he can't, just redirect him; otherwise show the requested page.
BTW, it seems you are building your application from scratch. The fast track is using a framework, for example CakePHP. I'm suggesting Cake because I just found this nice plugin (never used it myself, but the API is really nice and Cake itself is great for learning purposes)
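The step list from the first answer combined with the per-page state check from the second, as an added example that is not code from either answer. It allows only the first unsubmitted step (no skipping ahead, no going back); the session key `wizard_idx` and the function names are assumptions made for this sketch.

```php
<?php
// Added example: linear wizard guard. State lives server-side in the session,
// so typing a URL cannot change which step is allowed.
const STEPS = ['create_session.php', 'QandATable.php', 'individualmarks.php',
               'penalty.php', 'complete.php'];

/** Page the user must be on: the first step not yet submitted. */
function allowed_step(array $session): string
{
    $idx = $session['wizard_idx'] ?? 0;   // 'wizard_idx' is a hypothetical key
    // Treat a missing, non-integer or out-of-range value as "start over".
    if (!is_int($idx) || $idx < 0 || $idx >= count(STEPS)) {
        $idx = 0;
    }
    return STEPS[$idx];
}

/** Returns null when $page may be shown, otherwise the page to redirect to. */
function guard(string $page, array $session): ?string
{
    $allowed = allowed_step($session);
    // Strict comparison: pages outside STEPS never match.
    return $page === $allowed ? null : $allowed;
}

/** Call only after $page's form has been validated and saved. */
function complete_step(string $page, array &$session): void
{
    if (guard($page, $session) !== null) {
        throw new RuntimeException("step $page submitted out of order");
    }
    $next = array_search($page, STEPS, true) + 1;
    // Finishing complete.php resets the flow so create_session.php opens again.
    $session['wizard_idx'] = $next < count(STEPS) ? $next : 0;
}

// Top of every wizard page (hypothetical wiring):
//   session_start();
//   $to = guard(basename($_SERVER['SCRIPT_NAME']), $_SESSION);
//   if ($to !== null) { header("Location: $to", true, 303); exit; }

if (PHP_SAPI === 'cli') {
    // Constructed walk-through using a plain array in place of $_SESSION.
    $s = [];
    var_dump(guard('penalty.php', $s));        // request that skips ahead
    complete_step('create_session.php', $s);
    var_dump(guard('create_session.php', $s)); // request that goes back
    var_dump(guard('QandATable.php', $s));     // request for the current step
}
```

The "Create New Assessment" link from the question would reset `wizard_idx` to 0 and discard the draft in its POST handler; `guard()` itself never changes state on a GET.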