I have a website where, when visitors land on any of several landing pages (different languages), they are given an opportunity to enter any of a number of promotion codes into a form. If they enter one of the correct codes (stored on a SQL table), they go to another page with a form where they can give their mailing info to receive a free product. If the code they entered isn't on the table, they get a message that the code they entered is invalid and are blocked.
This works through PHP. When the landing page form is entered and submitted, a URL something like this: website.com/formentry.php?promo=code is generated, where 'code' matches whatever the user entered into the form. If "code" matches a string in the code column in the database table, they get sent to the entry form. If it doesn't, they get blocked. To this point, everything works great and has been running smoothly for months.
However, a problem has been identified recently: the landing pages can be circumvented by entering website.com/formentry.php?code=code directly into a browser's URL field. This is a problem for several reasons and I need to prevent it from being possible.
Does anyone have any ideas for a solution; perhaps using the .htaccess file to send those URL requests back to the landing page?
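
One way to enforce the landing-page step on the server, shown as an added example that is not part of the original post: the landing page stores a one-time token in the visitor's session and submits it with the code by POST, and formentry.php refuses any request that lacks it. The field name `landing_token`, the table `promo_codes` with column `code`, and the path `/landing.php` are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Assumed names (not from the post): landing_token field,
// promo_codes.code column, /landing.php path.

// Landing page: call before rendering the promo form and emit the result as
// <input type="hidden" name="landing_token" value="..."> in a method="post" form.
function issue_landing_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION['landing_token'] = bin2hex(random_bytes(32));
    return $_SESSION['landing_token'];
}

// formentry.php: true only when the submitted token matches the one issued
// to this session. The token is single use, so a copied URL or replay fails.
function came_from_landing(array $post): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $expected = $_SESSION['landing_token'] ?? '';
    $given    = $post['landing_token'] ?? '';
    unset($_SESSION['landing_token']);
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Parameterised lookup of the code in the promo table.
function promo_is_valid(PDO $db, string $code): bool
{
    $stmt = $db->prepare('SELECT 1 FROM promo_codes WHERE code = ? LIMIT 1');
    $stmt->execute([$code]);
    return $stmt->fetchColumn() !== false;
}

// formentry.php: returns the validated code, or ends the request.
function require_landing_and_code(PDO $db): string
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !came_from_landing($_POST)) {
        header('Location: /landing.php', true, 303); // typed-in URLs land here
        exit;
    }
    $code = $_POST['promo'] ?? '';
    if (!is_string($code) || !promo_is_valid($db, $code)) {
        http_response_code(403);
        exit('The code you entered is invalid.');
    }
    return $code;
}
```

A Referer-based rewrite rule in .htaccess is weaker than this check, because the Referer header is supplied by the client and is often stripped by browsers or proxies.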