how file accessed

[The Little Guy]

is there a way to check if a file is being accessed directly?

 

if(basename(__FILE__) == basename($_SERVER['PHP_SELF'])) send_404();

 

I have this, not sure if that woks or not

[ober]

Directly meaning someone requested that file versus you including it or something via another file?

 

It's called hot linking.  If you don't want a file to be accessed directly, move it outside of the public area of your webserver:

 

You probably have files here: /home/TLG/public_html/your_files_here_or_in_some_folder

 

Move them to: /home/TLG/some_folder/public_html

 

They cannot link directly to them in that case.

[The Little Guy]

Well the browser has to be able to access this file, but I don't really want people to be able to access this file directly.

 

I have some javascript that has to accesses this file, and that is the ONLY thing I want to access it.

[ober]

Javascript is client side so it cannot access a file outside of the public area.

[The Little Guy]

Javascript is client side so it cannot access a file outside of the public area.

 

I know.

 

That is why I am looking for a way in the php file that checks to see how the file was accessed. if it was accessed from my file then allow it to run otherwise skip to the end and exit.

[ober]

The only thing you can get from the file is creation and modification times, not method of access.

[PFMaBiSmAd]

Anything you can do, such as using a session variable to make sure someone as least visited your main page, can be bypassed by visiting your main page first. Why do you want to prevent the direct access?

[The Little Guy]

Because I don't want someone to go to the specific page and press refresh 500 times to boost their site hits.

[The Little Guy]

the best I have so far is this and it works if your not trying to hack:

if(basename(__FILE__) != basename($_SERVER['HTTP_REFERER']) && basename($_SERVER['HTTP_REFERER']) != ''){

[premiso]

Because I don't want someone to go to the specific page and press refresh 500 times to boost their site hits.

 

Session and or cookies would be your best bet IMO. Although these are bypassable not many people know how to bypass it. You can also do an IP deal. if the IP has hit more than 5 times in x minutes or x seconds then inform them of the infringement and that their stats are now under investigation and may be altered.

 

Just remember that unique hits are not always accurate cause it is hard to know who is legit and who isn't.