PHWinfo - Afficher un message - "force" user to use site in defined order?

01/04/2008, 10h38

Scripsit Geoff Cox:

> I am preparing a site where it is important that the user moves from
> page 1 to page 2 to page 3 etc as a series of tests are presented and
> the order is important.

What makes you think this is an HTML question, or a JavaScript question?
Followups set to the the group where this is less off-topic than in the
other. In future, please select _a_ group properly. (Hint: use
comp.infosystems.www.authoring.misc if you think it's about WWW
authoring but you cannot select a more specific group.)

> Is it possible to make sure that this happens?!

No.

> One thought I've had is that to stop a user arriving at say page 2 by
> using Google, I can put all these pages into a password protected
> folder (using htaccss/htpasswd). The users would be presented with the
> same user name and password on the public page. Is there any other
> way?

That does not prevent people from accessing page 2 first. They just need
the password from a pal. Or something like that.

But it would piss off users.

You can use <meta> tags to ask indexing robots not to index pages 2, 3,
etc. Most of them will honor the request. Does this leave you some
_real_ problems? Which? What will happen, really, if someone views page
2 before viewing page 1? The world, as we know it, will end? You will be
prosecuted? The user sees a spoiler?

If this is a _real_ problem, please re-raise it in a more appropriate
forum and explain what you are really doing and what your server-side
programming capabilities and skills are.

You would probably get reasonably close by arranging things so that page
2 has no direct address of its own and page 1 contains a form consisting
only of a submit button and some hidden field(s), and the form would
have method="POST". The action="..." attribute would refer to a
server-side script that checks its data for the presence of some
specific field(s) with specific value(s) (as specified in the hidden
field[s] of the form); if they are present, the script would return the
content of page 2, otherwise an error code and an error explanation
page.

Of course, the "protection" would be easy to break, but only by someone
who is really interested and studies the techniques used. For a safer
approach, you would make page 1 dynamically generated and would make the
hidden field be different for each occasion, and your server would
contain a file of generated hidden field values and would remove a value
as soon as it has been found in a request. That is, for each page 1
generated, page 2 could be accessed _once_. So page 2 would resemble the
scrolls in Rogue, the game (you know, "as you read the scroll, it
vanishes").

Now, there's the simple problem of a user who has so accessed page 2 and
saves a local copy of it and uploads it on a server. I hope your next
question won't be "How do I prevent people from saving my page?"

--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/

01/04/2008, 10h38	#6
Jukka K. Korpela Messages: n/a Hébergeur:	Re: "force" user to use site in defined order? Scripsit Geoff Cox: > I am preparing a site where it is important that the user moves from > page 1 to page 2 to page 3 etc as a series of tests are presented and > the order is important. What makes you think this is an HTML question, or a JavaScript question? Followups set to the the group where this is less off-topic than in the other. In future, please select _a_ group properly. (Hint: use comp.infosystems.www.authoring.misc if you think it's about WWW authoring but you cannot select a more specific group.) > Is it possible to make sure that this happens?! No. > One thought I've had is that to stop a user arriving at say page 2 by > using Google, I can put all these pages into a password protected > folder (using htaccss/htpasswd). The users would be presented with the > same user name and password on the public page. Is there any other > way? That does not prevent people from accessing page 2 first. They just need the password from a pal. Or something like that. But it would piss off users. You can use <meta> tags to ask indexing robots not to index pages 2, 3, etc. Most of them will honor the request. Does this leave you some _real_ problems? Which? What will happen, really, if someone views page 2 before viewing page 1? The world, as we know it, will end? You will be prosecuted? The user sees a spoiler? If this is a _real_ problem, please re-raise it in a more appropriate forum and explain what you are really doing and what your server-side programming capabilities and skills are. You would probably get reasonably close by arranging things so that page 2 has no direct address of its own and page 1 contains a form consisting only of a submit button and some hidden field(s), and the form would have method="POST". The action="..." attribute would refer to a server-side script that checks its data for the presence of some specific field(s) with specific value(s) (as specified in the hidden field[s] of the form); if they are present, the script would return the content of page 2, otherwise an error code and an error explanation page. Of course, the "protection" would be easy to break, but only by someone who is really interested and studies the techniques used. For a safer approach, you would make page 1 dynamically generated and would make the hidden field be different for each occasion, and your server would contain a file of generated hidden field values and would remove a value as soon as it has been found in a request. That is, for each page 1 generated, page 2 could be accessed _once_. So page 2 would resemble the scrolls in Rogue, the game (you know, "as you read the scroll, it vanishes"). Now, there's the simple problem of a user who has so accessed page 2 and saves a local copy of it and uploads it on a server. I hope your next question won't be "How do I prevent people from saving my page?" -- Jukka K. Korpela ("Yucca") http://www.cs.tut.fi/~jkorpela/