OLM3CA Posted August 26, 2006 Share Posted August 26, 2006 HelloI have some questions about the security of my page.I have included pages in index.php IE:main.php upper.php footer.php etc ...When I click www......com/main.php or com/upper.php It appears but I dont want this page to shown by the users.İf so redirect user to the index.phpAnd the other question is : Yesterday when i click my URL appears a box showing to save the file ?ı was shocked and type other pages ex: connection.php I see that i am able to save and view the passwords and codes of the page! What happened ?And the last question is is there a prepared .htaccess security file that contains all security information.? Quote Link to comment Share on other sites More sharing options...
shocker-z Posted August 26, 2006 Share Posted August 26, 2006 1. You could set a variably in your template and then check if that is set in the included file > also can be done in the way of set a session in your template file $_SESSION['include']='yes'; and then in the include file use [code]if ($_SESSION['include'] == 'yes') {//all your include code $_SESSION['include']='no';} else {echo 'no direct access to this file';}[/code]this will mean that your included page will unset the session and therefore can't be accessed or a less the session has been set.2. you seem to have a problem with your MIME types if you are able to download the php file as source.regardsLiam Quote Link to comment Share on other sites More sharing options...
Orio Posted August 26, 2006 Share Posted August 26, 2006 Question 1:when you include the file include it this way-include("upper.php?code=123987555");Now upper.php will look like this:[code]<?phpif(isset($_GET['code']) && $_GET['code']=="123987555"){//do what the included file should do}else{echo("No direct Access here");}?>[/code]The problem with shocker-z's code is that after you visit the template once you can access the included file directly (because the session variable is set to "yes").Orio. Quote Link to comment Share on other sites More sharing options...
shocker-z Posted August 26, 2006 Share Posted August 26, 2006 The problem with shocker-z's code is that after you visit the template once you can access the included file directly (because the session variable is set to "yes").no because if it is set as yes then we set it to 'no' so it will only work that once.. never thought of using GET actualy because i was thinking that would be shown forgetting it would be passed..would you not have to use include("http://domain.com/upper.php?code=123987555");?? else it's not parsing it thru http server Quote Link to comment Share on other sites More sharing options...
OLM3CA Posted August 26, 2006 Author Share Posted August 26, 2006 so what would I do ? :) and Do I have to change .htaccess for security ?ı have done nothing with that it says origianally. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.