I've got a web page on the Joomla based website that i'm attempting to make inaccessible to anybody but individuals who've been rerouted there via a redirect page.

Essentially, they'd purchase something on the form on my small page that is integrated with Paypal, so when Paypal payment is done I've them rerouted for this specific page. I'm not going anybody to have the ability to just copy this url and have the ability to return towards the page later. It is possible to method of doing this?

Then you've to keep some "token" inside your database, that is invalidated after the very first time a coming back client accesses your "thanksInch page. The token ought to be provided to the customer (within the URL) whenever you redirect him to Paypal and as he returns following a valid payment, the token must be in URL. So far as I recall from the moment I attempted to make use of PayPal in a single of my projects, you'll be able to pass something similar to this to Paypal and have it fixed.

Checking a redirect is really a poor method of doing this. May be can be simply spoofed. Rather possess the pages you need a redirect from to produce a session record of some type and pass the ID of this record within the query string towards the restricted page. The restricted page can deny when the session ID doesn't appear in the database or perhaps is too old.

It has been some time since i have labored with Joomla. You may have the ability to consider the Server variables and appearance the Mentioning URL. When not your webpages or paypal, you'll be able to redirect the consumer towards the page of your liking.

I'd incorporate a specific token around the redirect. Perhaps a Guid which has a limited existence and it is designated to that particular specific user.

Paypal includes a feature known as Express Checkout that does precisely what you are searching for.

Should you only care the link expires soon after it's used, i quickly think you need to produce a one-time URL for that content you are attempting to safeguard. Have the act of buying produce a unique key or token, store the need for the token in your server, after which reference that token inside your link:


Once the link is clicked on, check against your saved values. You are able to expire them according to whatever criteria you would like.

If you should also prevent copying the Hyperlink to elsewhere, you could have the act of buying set a cookie using the token value. Then look into the cookie once the link is clicked on. This isn't foolproof since an educated user can copy the cookie too.