Jump to content

Archived

This topic is now archived and is closed to further replies.

Demonic

How can i make users not able to view files directly

Recommended Posts

Problem: I got files that you can just go to the file and view it and do anything to it
Question: How can i make it so I Can tell a user that they cant view that page unless thier viewing it in the admin control panel.

More like this: AdminCP has Frames and includes files so your on the same page the whole time admincp.php and you can access files that way,but how can i make it so its only viewable threw the admincp.php file and not allowed to be viewed any other way(even if they know the direct link kinda like IPB has)

Share this post


Link to post
Share on other sites
Sorry,but you didn't meet my needs maybe you didn't understand my question.

I Ment say if a user is going to a site and hes at the page bam.php
and bam.php is in the users address bar right? Yeah now say i don't want no one to be able to view that page directly like if their on blah.com/bam.php they can view it but say if their in the admincp and I have a frame that includes the bam.php file and is now availible to view since you are not viewing the page directly and not going straight to the link instead you are viewing bam.php from admin.php page. Understand me? Best I could explain.

And as you can see I dont need a register script?Hence my bulletin board in my sig.

Share this post


Link to post
Share on other sites
well this is just a random thought: how about creating a token on admin.php and passing that var to bam.php and then bam.php checking for the token and if it is right. if it is not, then obviously the page was not accessed by admin.php. 

or check http_referer on bam.php to see if the refering page was admin.php, depending on you setup your script. 

Share this post


Link to post
Share on other sites
if you think about it :) that might work ;).

<?php
$link = "http://mysite.com/admincp.php";
if($_SERVER['HTTP_REFERER'] ==$link){
echo $_SERVER['HTTP_REFERER'];
}else{
echo "False";
}
?>

I did me a little test. Works. Of Course link doesn' work above.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.