The Little Guy Posted December 30, 2008 Share Posted December 30, 2008 is there a way to check if a file is being accessed directly? if(basename(__FILE__) == basename($_SERVER['PHP_SELF'])) send_404(); I have this, not sure if that woks or not Quote Link to comment Share on other sites More sharing options...
ober Posted December 30, 2008 Share Posted December 30, 2008 Directly meaning someone requested that file versus you including it or something via another file? It's called hot linking. If you don't want a file to be accessed directly, move it outside of the public area of your webserver: You probably have files here: /home/TLG/public_html/your_files_here_or_in_some_folder Move them to: /home/TLG/some_folder/public_html They cannot link directly to them in that case. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted December 30, 2008 Author Share Posted December 30, 2008 Well the browser has to be able to access this file, but I don't really want people to be able to access this file directly. I have some javascript that has to accesses this file, and that is the ONLY thing I want to access it. Quote Link to comment Share on other sites More sharing options...
ober Posted December 30, 2008 Share Posted December 30, 2008 Javascript is client side so it cannot access a file outside of the public area. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted December 30, 2008 Author Share Posted December 30, 2008 Javascript is client side so it cannot access a file outside of the public area. I know. That is why I am looking for a way in the php file that checks to see how the file was accessed. if it was accessed from my file then allow it to run otherwise skip to the end and exit. Quote Link to comment Share on other sites More sharing options...
ober Posted December 30, 2008 Share Posted December 30, 2008 The only thing you can get from the file is creation and modification times, not method of access. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted December 30, 2008 Share Posted December 30, 2008 Anything you can do, such as using a session variable to make sure someone as least visited your main page, can be bypassed by visiting your main page first. Why do you want to prevent the direct access? Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted December 30, 2008 Author Share Posted December 30, 2008 Because I don't want someone to go to the specific page and press refresh 500 times to boost their site hits. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted December 30, 2008 Author Share Posted December 30, 2008 the best I have so far is this and it works if your not trying to hack: if(basename(__FILE__) != basename($_SERVER['HTTP_REFERER']) && basename($_SERVER['HTTP_REFERER']) != ''){ Quote Link to comment Share on other sites More sharing options...
premiso Posted December 30, 2008 Share Posted December 30, 2008 Because I don't want someone to go to the specific page and press refresh 500 times to boost their site hits. Session and or cookies would be your best bet IMO. Although these are bypassable not many people know how to bypass it. You can also do an IP deal. if the IP has hit more than 5 times in x minutes or x seconds then inform them of the infringement and that their stats are now under investigation and may be altered. Just remember that unique hits are not always accurate cause it is hard to know who is legit and who isn't. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.