Menu
I want to make my php page only accessible from another page redirect and prevent my user from accessing it directly.
I mean, let's say I have a page called "main.php" and another PHP file that I want to prevent direct access to, called "noaccess.php".
I want to make noaccess.php accessible only if I redirect from main.php
Any suggestions?
UPDATE: Session is a good idea, but the problem is I have to use JavaScript to redirect the page, so the question is, can I use ajax to set a PHP session?
UPDATE 2: OK I found the solution, I don't need preventing direct access now, as I can check from mysql whether the page needs to be accessible or not.
756
Deny access to all files in your include directory. If your PHP include files are located in a particular directory, you can tell your web server to deny all access to it. Apache. If you are using Apache, you can create a .htaccess file and place it in the directory in question. This .htaccess file should contain the following directives:
To prevent access to pages, the best practice is to use session variables say $_SESSION['username'] and $_SESSION['password'] to check against your database table record assuming your table name is "users", the fields 'username' and 'password' in order for users to gain access to the page, else they are redirected to the log in page for them to ...
Restart Apache server to apply changes. Now when a user tries to access /form.php via GET request on a browser or CLI then they will be redirected to home page. Apache, PHP direct access. permalink .
If a file calling only via AJAX then it is better to disable it from direct access for security reason. In web technology, it is always said that allow only those which is necessary. It is applicable for any types of file, code, part of the code, directory and so on.
What if everytime you were going to redirect you saved a value in the $_SESSION variable. So you have
//code
$_SESSION['fromMain'] = "true";
header("Location: noaccess.php");
Then in noaccess.php put
if($_SESSION['fromMain'] == "false"){
//send them back
header("Location: foo.php");
}
else{
//reset the variable
$_SESSION['fromMain'] = "false";
}
I really don't know if this would work or not, but this is what I would try off the top of my head.
172
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
