Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"unopenable" Scripts?

Started by Manixat, Nov 22 2012 11:13 AM

Please log in to reply

8 replies to this topic

#1 Manixat

Advanced Member

Members
166 posts

Posted 22 November 2012 - 11:13 AM

Hello,

I have this question as to how I can make my scripts so that they cannot be opened individually, only called by other scripts?

eg. buddy_list.php is a page that facebook uses to load your friends, but if you attempt to open facebook.com/buddy_list.php it will load the "Page was not found" page

Back to top

#2 kicken

Wiser? Not exactly.

Gurus
1,814 posts

LocationBonita, FL

Posted 22 November 2012 - 11:19 AM

You could check whether the $_SERVER['REQUEST_URI'] points the file or not. If it does have the script exit; possibly with an error message.

Another common and relatively easy thing to do is have your main files define() a constant which you then check for in your other files. Example:

index.php:

<?php
define('PROPER_REQUEST', true);
include('buddy_list.php');

buddy_list.php

<?php
if (!defined('PROPER_REQUEST')) die("Invalid Request.");

//... rest of script

Recycle your old CD's, don't trash them!
Did I help you out? Feeling generous? I accept tips via Paypal or Bitcoin @ 14mDxaob8Jgdg52scDbvf3uaeR61tB2yC7

Back to top

#3 Muddy_Funster

Advanced Member

Members
2,763 posts

Posted 22 November 2012 - 11:22 AM

It could be because the page isn't actualy there (.htaccess url rewrite?).
Or another way could be that PHP can, I belive, be given access to the servers file system, not just the webdir. This meens that you can, in theory, require/include/fopen/file/...etc anywhere that php has the rights to access, even if the http demon doesn't have those rights.

A simple password hash :

function makePass($word=''){
  $dbSalt = '$2a$07$'.substr(hash('whirlpool',$word),0,22);
  $dbPass = crypt($word, $dbSalt);
 return substr($dbPass,12);
}

My SQL/PHP Blog

Back to top

#4 Manixat

Advanced Member

Members
166 posts

Posted 22 November 2012 - 11:59 AM

Having the $_SERVER['REQUEST_URI'] checked would be the thing I'd go for, but the problem is I already have too many scripts and having to hardcode it to all of them will be lots of work, I was hoping there was a less painful way?

Using htaccess makes "main" pages unable to access scripts as well :/

Back to top

#5 Pikachu2000

I hate everything.

Administrators
11,378 posts

LocationFuture Independent Republic of Texas
Age:106

Posted 22 November 2012 - 12:04 PM

Unless I've overlooked something, for scripts that are not to be directly accessed this should work.

if( basename(__FILE__) === basename($_SERVER['SCRIPT_NAME']) ) {
	die('Direct access to this file is not allowed.');
}

"Java" is to "Javascript" about the same as "fun" is to "funeral".

Why $_SERVER['PHP_SELF'] is bad. || Why ORDER BY RAND() is bad || Every problem can be solved with rm -rf *

Random Quote: "

Back to top

#6 PFMaBiSmAd

Advanced Member

Moderators
16,767 posts

LocationColorado, U.S.A.

Posted 22 November 2012 - 12:09 PM

Using htaccess makes "main" pages unable to access scripts as well

Not if you are including them using a file system path, which is the normal way. Using a URL to include files takes from 10 to 100 times longer to execute, only includes the content that the file outputs, and means that you won't be able to prevent http requests to them because the http request your main page is making to them must work, therefor a http request from a browser must work as well.

Signature: (not a comment about anything you posted unless specifically indicated)
Debugging step #1: To get past the garbage-out equals garbage-in stage in your code, you must check that the inputs to your code are what you expect.

Programming is just problem solving, but it is done in another language. You must learn enough of the programming language you are using to be able to read and write code.

Back to top

#7 Manixat

Advanced Member

Members
166 posts

Posted 22 November 2012 - 12:49 PM

Unless I've overlooked something, for scripts that are not to be directly accessed this should work.
if( basename(__FILE__) === basename($_SERVER['SCRIPT_NAME']) ) {
	die('Direct access to this file is not allowed.');
}

basename(__FILE__)

this causes an internal server error O.o

Not if you are including them using a file system path, which is the normal way. Using a URL to include files takes from 10 to 100 times longer to execute, only includes the content that the file outputs, and means that you won't be able to prevent http requests to them because the http request your main page is making to them must work, therefor a http request from a browser must work as well.

I'm not quite sure I understand what you mean, I use relative paths ?

Another common and relatively easy thing to do is have your main files define() a constant which you then check for in your other files. Example:

index.php:
<?php
define('PROPER_REQUEST', true);
include('buddy_list.php');
buddy_list.php
<?php
if (!defined('PROPER_REQUEST')) die("Invalid Request.");

//... rest of script

Another thing I thought about is that this will not work out well with ajax

Edited by Manixat, 22 November 2012 - 01:03 PM.

Back to top

#8 jcbones

Advanced Member

Members
2,262 posts

LocationNorth Carolina

Posted 22 November 2012 - 08:03 PM

For ajax, you would send a token that is preset by the server, and checked on page request.

Back to top

#9 Pikachu2000

I hate everything.

Administrators
11,378 posts

LocationFuture Independent Republic of Texas
Age:106

Posted 22 November 2012 - 11:13 PM

basename(__FILE__)
this causes an internal server error O.o

That's odd, it works fine for me. What shows up in your error logs?

"Java" is to "Javascript" about the same as "fun" is to "funeral".

Why $_SERVER['PHP_SELF'] is bad. || Why ORDER BY RAND() is bad || Every problem can be solved with rm -rf *

Random Quote: "