EXIT SCRIPT when run .php from Page?

[Gayner]

I have lol.php

 

but i dont want sum1 to beable to access it when they go to mysite.com/lol.php i want it to cut off all queries or php when they access and show a message "GTFO"

 

But i want my ajax stuff to still work with the lol.php

 

 

 

Help thx?

[RussellReal]

do something like this:

 

regular code

<?php
  $included = true;
  include('lol.php');
?>

 

lol.php

<?php

  if (!$included) die("GTFO");

  // rest of code here

?>

[Garethp]

The problem is that he is calling the page via AJAX. So the client side has to be able to access it via AJAX, so your method wouldn't work

[Gayner]

The problem is that he is calling the page via AJAX. So the client side has to be able to access it via AJAX, so your method wouldn't work

 

YEa just spent 3 hours lookng and now i notice tha,t is there any around this?

[ozestretch]

<-- ajax noob

 

Could you set a cookie/session on the page calling the ajax then check it exists on the lol.php?

 

Can ajax set a cookie before it calls the lol.php?

 

What about checking referrer? (although you could just load lol.php in the browser that has the domain open already?! right?)

[.josh]

make another script for your ajax. lol2.php or something.  Interact with lol2.php for ajax.  lol2.php then calls lol.php as needed.  You can then do any of the following with lol.php :

 

- write a condition to see if request is coming from anything other than lol2.php. If not, GTFO.

- change the chmod on lol.php so only server can access it.  This will allow lol2.php to call it, but not the user.  No custom GTFO per se...

- move lol.php outside of the public web directory (httpdocs, public_html, whatever).  Same thing as above.