Soldiers3lite Posted April 6, 2010 Share Posted April 6, 2010 hello everyone, I've been looking for a great code that would allow me to use a .php file but should not be accessed only if some statements are true. My problem is as follows: I've set up a post comment script and it works fine, the problem is that if the user accesses the 'processor' (from the browser) which processes the comment and stores it into the database, actually posts a comment with blank fields. I'm trying to find a way so that the user can't access the processor without first being redirected from the 'submit' button and that all fields are filled. I was thinking about some 'if' statements to check that $name = "" is false otherwise it should return an error saying that fields are blank. but I want to know if there is a clearer way to achieve this, I don't want to chmod my files since it will make the the file 'non access-able' here is the link to the site: test3in1.vacau.com/contact.php Thanks in Advance! Link to comment https://forums.phpfreaks.com/topic/197791-php-disallow-direct-access-from-browser/ Share on other sites More sharing options...
yanjchan Posted April 6, 2010 Share Posted April 6, 2010 Hi! I see that you're using POST for your form. In that case, because it is very unlikely that a user will accidentally forge the data, you can just use the if statements you mentioned. To make it clearer, I suppose you could add a hidden field to your form: <input type="hidden" name="submitcheck" value="1" /> then check if the form was actually submitted using PHP: if (isset($_POST['submitcheck'])) { // do stuff here } else { // do nothing or display a message, because the form was not actually submitted. } If you are interested in preventing forged requests, then you might want to look into anti-XSRF methods. Reading this article might be a good start. Hope this helps! Jonathan Link to comment https://forums.phpfreaks.com/topic/197791-php-disallow-direct-access-from-browser/#findComment-1037954 Share on other sites More sharing options...
Soldiers3lite Posted April 6, 2010 Author Share Posted April 6, 2010 Hi! I see that you're using POST for your form. In that case, because it is very unlikely that a user will accidentally forge the data, you can just use the if statements you mentioned. To make it clearer, I suppose you could add a hidden field to your form: <input type="hidden" name="submitcheck" value="1" /> then check if the form was actually submitted using PHP: if (isset($_POST['submitcheck'])) { // do stuff here } else { // do nothing or display a message, because the form was not actually submitted. } If you are interested in preventing forged requests, then you might want to look into anti-XSRF methods. Reading this article might be a good start. Hope this helps! Jonathan Thanks for the quick reply, I was able to get it working by displaying a message if the values were blank, your idea is pretty good though and I'm sure it would work. I just did it the newbie style and checked the form like so: if($data1 == "" and $data2 == "" and $data3 == "") { echo "code to be executed if true"; } else { echo "submit and send form"; } Since I'm new to PHP I don't know all of the shorthand codes I really do the basic stuff Thanks Link to comment https://forums.phpfreaks.com/topic/197791-php-disallow-direct-access-from-browser/#findComment-1037968 Share on other sites More sharing options...
yanjchan Posted April 6, 2010 Share Posted April 6, 2010 No problem! Both methods should work perfectly fine, so it's up to you to choose. Good luck with your application! Jonathan Link to comment https://forums.phpfreaks.com/topic/197791-php-disallow-direct-access-from-browser/#findComment-1037971 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.