
My understanding was that it's so people can't access the database query page directly, without going through another page first. In which case, the example I've given is the easiest method to use.

 

My understanding is probably wrong though - it often is!  :P

lol, well I'm thinking it's probably something along the lines of a cron file, or some file that is only accessed at certain times. Which would make sense. In that case, the file should be put in the system root where it can't be touched. Or.... MD5 the file name, and MD5 the folder it's in lol, and bolt it all up more secure than Alcatraz.

So users can't gain access by going to the PHP file to run a MySQL command, only when you refer by a certain page..

 

But are the users "logged in" to the website at the time? As in, they logged in using a form, and a session var has been set to show they are logged in. If that's the case, then it's much easier to make a script to secure the MySQL command file.

I probably did it wrong

I placed this into the file that is going to the protected file

<?php
// Quote the constant name; a bare ALLOW_PAGE_LOAD is an undefined constant at this point
define('ALLOW_PAGE_LOAD', true);
?>

and this in the target file

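<?php
// defined() is true only when a file that include()s this one set the constant in the same request
if (!defined('ALLOW_PAGE_LOAD')) die("You're not allowed to view this page directly");
?>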

 

lol I know it was an example but I don't know how I would incorporate it, thanks

 

yea logged in using a session and all

Well, if they're logged in with a session, and if you've got their info in a database, grab their ID or username, whatever, from the database, and on the MySQL script page, check if it equals the ID or username of who you want to have access to it.

Well, it's actually a game: start your own virtual airline and manage it... They wait however long their flight is, then after the timer stops it gives a link to the PHP file which has the MySQL update and adds the cash to their cash column... That's what I meant, johnny, it's in the right place..

From some testing I just did I would remit my last post and advise against using $_SERVER['HTTP_REFERER'].

I would do this on the page that does the query:

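<?php
session_start();
// If the marker is already set, this session has run the query before: stop here
if(isset($_SESSION['varName']))
{
   die("You're not allowed to view this page directly");
}
// Set the marker so a later request in the same session is refused
$_SESSION['varName'] = "123";
//do query
?>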
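
Added example, not part of any post in this thread: one way to tie the cash payout to the login session and the flight timer discussed above, so that opening the update page directly, early, or twice pays nothing. The function names, the `flight` session key and the sample numbers are hypothetical, and `$session` is a plain array standing in for `$_SESSION`.

```php
<?php
// Added example; start_flight() and claim_reward() are hypothetical helper names.

// Called when the flight starts: record server-side when it lands and what it pays.
function start_flight(array &$session, int $duration, int $reward, int $now): string
{
    $token = bin2hex(random_bytes(16));      // unguessable value, new for every flight
    $session['flight'] = [
        'token'    => $token,
        'lands_at' => $now + $duration,      // the server decides, not the browser timer
        'reward'   => $reward,
    ];
    return $token;                           // goes into the "collect cash" link
}

// Called by the page that runs the UPDATE. Returns the cash to credit, or 0.
function claim_reward(array &$session, ?int $userId, string $token, int $now): int
{
    if ($userId === null) return 0;                        // not logged in
    $flight = $session['flight'] ?? null;
    if ($flight === null) return 0;                        // direct hit, no flight started
    if (!hash_equals($flight['token'], $token)) return 0;  // wrong or stale token
    if ($now < $flight['lands_at']) return 0;              // timer has not finished
    unset($session['flight']);                             // single use: a reload pays nothing
    return $flight['reward'];
}

// Constructed walk-through (sample user id 7, 600-second flight paying 250).
$session = [];
$t0 = 1000;
$token = start_flight($session, 600, 250, $t0);
var_dump(claim_reward($session, 7, $token, $t0 + 10));    // claimed before landing
var_dump(claim_reward($session, 7, 'guess', $t0 + 600));  // guessed token
var_dump(claim_reward($session, 7, $token, $t0 + 600));   // valid claim
var_dump(claim_reward($session, 7, $token, $t0 + 601));   // same link used again
```

On the real page, a non-zero return is the amount to add in the UPDATE, using a prepared statement keyed on the user ID from the session rather than anything sent in the URL.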
