Prevent direct access to a page in Joomla

Question

I have a payment gateway integrated on my website. When user is done with payment he/she is redirected to a particular page say www.example.com/redirect. I want to prevent users from directly entering this url (www.example.com/redirect) in address bar and access the page. I want it asap.

Actually the page is protected from guest users but if logged in user types that url then it will redirect him to that page and hence the payment option will be skipped. I want the user must pay the amount first and then redirected to this page.

Answer 1

this should be done in your component's base controller (controller.php). if you look at this code snippet:

// Check for edit form.
if ($vName == 'form' && !$this->checkEditId('com_weblinks.edit.weblink', $id))
{
    // Somehow the person just went to the form - we don't allow that.
    return JError::raiseError(403, 
    JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id));
}

this block of code is present in most of core components intended to do exactly what you want. how ever how this actually dos what it does is explained through the $this->checkEditId() function. I hope you are familiar with the JControllerForm class and if you are not check out the API. because creating an edit id for a page and "authorizing user for access to a specific page based on his last page" is done by JControllerForm.

Answer 2

I had a similar desire. I wanted the page to only display if the users was logged in and if they had filled out the order entry page.

What I decided to do was check to see if there was data in the POST.

controller/place_order.php (snipet)

public function submitOrder()
{
    $post = JRequest::get('post');
    $model = $this->getModel();
    if($post != null && $post != ''){
        if($model->placeOrder()){
        }
    }
    JRequest::setVar('layout', 'submitOrder');
    parent::display();
}

This prevents the task from executing my placeOder function anything in the model. Then I just add something similar to the submit order page. In your case "redirect".

view/place_order/tmpl/submitOrder.php (snipet)

defined('_JEXEC') or die('Restricted access');

$user =& JFactory::getUser();

if ($user->guest) {
echo "<p>You must login to access this page.</p>";
} 
else if($_POST == "" || $_POST == null){
    echo "<p>You can not directly access this page.</p>";
}else {
//Your order was submitted successfully HTML (don't forget to close it at the bottom ;)

There are a lot of ways you could do it... you probably don't even need to check in the controller if you don't want to but I do to save on time. With out seeing your code it's hard to tailor the answer but if you grasp the concept here it should help (I hope...).

You might also want to check out this page from Joomla on authorization and privileges.

Answer 3

Hard to answer precisely since you only give a non-joomla url as an example, but at the top of every Joomla script is the following line:

defined('_JEXEC') or die( 'Restricted access' );

You obviously can't prevent a user from typing in the url, so this will at least detect if a session is already in place. If the user isn't in an active Joomla session, this will fire and prevent access. You could easily adapt it to do whatever you want to happen for your requirement, depending on whatever you have to check with, i.e. if the referrer is your payment gateway, etc.