Demonic Posted September 1, 2006 Share Posted September 1, 2006 Problem: I got files that you can just go to the file and view it and do anything to itQuestion: How can i make it so I Can tell a user that they cant view that page unless thier viewing it in the admin control panel.More like this: AdminCP has Frames and includes files so your on the same page the whole time admincp.php and you can access files that way,but how can i make it so its only viewable threw the admincp.php file and not allowed to be viewed any other way(even if they know the direct link kinda like IPB has) Quote Link to comment Share on other sites More sharing options...
Gruzin Posted September 1, 2006 Share Posted September 1, 2006 Think u have to use sessions... Quote Link to comment Share on other sites More sharing options...
Demonic Posted September 2, 2006 Author Share Posted September 2, 2006 bump Quote Link to comment Share on other sites More sharing options...
Demonic Posted September 2, 2006 Author Share Posted September 2, 2006 Sorry,but you didn't meet my needs maybe you didn't understand my question.I Ment say if a user is going to a site and hes at the page bam.phpand bam.php is in the users address bar right? Yeah now say i don't want no one to be able to view that page directly like if their on blah.com/bam.php they can view it but say if their in the admincp and I have a frame that includes the bam.php file and is now availible to view since you are not viewing the page directly and not going straight to the link instead you are viewing bam.php from admin.php page. Understand me? Best I could explain.And as you can see I dont need a register script?Hence my bulletin board in my sig. Quote Link to comment Share on other sites More sharing options...
.josh Posted September 2, 2006 Share Posted September 2, 2006 well this is just a random thought: how about creating a token on admin.php and passing that var to bam.php and then bam.php checking for the token and if it is right. if it is not, then obviously the page was not accessed by admin.php. or check http_referer on bam.php to see if the refering page was admin.php, depending on you setup your script. Quote Link to comment Share on other sites More sharing options...
Demonic Posted September 2, 2006 Author Share Posted September 2, 2006 if you think about it :) that might work ;).<?php $link = "http://mysite.com/admincp.php";if($_SERVER['HTTP_REFERER'] ==$link){echo $_SERVER['HTTP_REFERER']; }else{echo "False";}?>I did me a little test. Works. Of Course link doesn' work above. Quote Link to comment Share on other sites More sharing options...
.josh Posted September 2, 2006 Share Posted September 2, 2006 you mean if YOU think about it? anyways... your welcome. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.