Guest Xanza Posted July 10, 2008 Share Posted July 10, 2008 I want to do it via php, and not .htaccess.. I've seen it done before, but I can't seem to find it again. Anyone willing to help? Link to comment https://forums.phpfreaks.com/topic/114092-stopping-direct-script-access/ Share on other sites More sharing options...
discomatt Posted July 10, 2008 Share Posted July 10, 2008 Just define a constant in your scripts that load the file... check for that constant's existence in your include file, and if it's undefined ( direct access ), silently exit() or throw a 404 via the header() command. Link to comment https://forums.phpfreaks.com/topic/114092-stopping-direct-script-access/#findComment-586401 Share on other sites More sharing options...
Guest Xanza Posted July 10, 2008 Share Posted July 10, 2008 Well actually, there are only two files. One is a login page, that displays the files.php page, but you are able to go right to: http://www.mysite.com/files.php... I want to stop this, but still allow the people that login to view. Link to comment https://forums.phpfreaks.com/topic/114092-stopping-direct-script-access/#findComment-586414 Share on other sites More sharing options...
discomatt Posted July 10, 2008 Share Posted July 10, 2008 Well, make sure that the user is logged in. Use sessions to store the login status, and check for it on files.php Link to comment https://forums.phpfreaks.com/topic/114092-stopping-direct-script-access/#findComment-586426 Share on other sites More sharing options...
Guest Xanza Posted July 10, 2008 Share Posted July 10, 2008 I decided to use cookies, cause well... I've never worked with them before - but of course I'm getting some errors. index.php <?php $url = $_GET['url']; if($url == "files"){ include('files.php'); } $Password = 'passwd'; if(isset($_POST['submit_pwd'])){ $pass = isset($_POST['passwd']) ? $_POST['passwd'] : ''; setcookie('logged_in', '1'); if($pass != $Password) { showForm("Wrong password"); exit(); } } else { showForm(); exit(); } function showForm($error = "LOGIN"){ ?> <html> <head> <title>I don't think so!</title> </head> <body> <div id="main"> <div class="caption"><?php echo $error; ?></div> <form action="index.php?url=files" method="post" name="pwd"> Password: <table> <tr><td><input class="text" name="passwd" type="password"/></td></tr> <tr><td align="center"><br/> <input class="text" type="submit" name="submit_pwd" value="Login"/> </td></tr> </table> </form> </div> </body> <?php } ?> files.php <?php if(!$_COOKIE['logged_in'] == '1'){ echo "Try logging in first."; } else { if($handle = opendir('.')){ while(false !== ($file = readdir($handle))) { if ($file != "." && $file != ".."){ $thelist .= '<a href="'.$file.'">'.$file.'</a><br/ >'; } } closedir($handle); } echo <<<HTML <center> <P>$thelist</p> </center> HTML; } ?> When I test the script, and login with the correct password, I get this error: Try logging in first. Warning: Cannot modify header information - headers already sent by (output started at /www/domain.com/files/files.php:4) in /www/domain.com/files/index.php on line 12 Link to comment https://forums.phpfreaks.com/topic/114092-stopping-direct-script-access/#findComment-586530 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.