Ken2k7 Posted January 20, 2008 Share Posted January 20, 2008 So I have this PHP file with contents I want to run strictly as an external file: <script src='blah.php'> In that PHP file, I'm currently using $_SERVER['HTTP_REQUEST'] to check the site using it, but the problem is if the user were to put up a link and click it, that won't work. Is there any method to prevent this linking? Quote Link to comment Share on other sites More sharing options...
werty37 Posted January 20, 2008 Share Posted January 20, 2008 Hi Try this. if (__FILE__ == $_SERVER['SCRIPT_FILENAME']) exit('You cannot access this file directly'); Cheers Sujith Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted January 20, 2008 Author Share Posted January 20, 2008 Hi Try this. if (__FILE__ == $_SERVER['SCRIPT_FILENAME']) exit('You cannot access this file directly'); Cheers Sujith Hello, Thanks for the response Sujith, but what do I edit into the SCRIPT_FILENAME? The full URL path or just the file name? And I assume that's the only thing I have to edit, am I right? Thanks, Ken Quote Link to comment Share on other sites More sharing options...
werty37 Posted January 20, 2008 Share Posted January 20, 2008 Hi Ken2k7, Add this code to the beginning of the file and others wont be able to access the file directly. Hope this is what you needed Cheers Sujith Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted January 20, 2008 Author Share Posted January 20, 2008 Hello, Sorry to say that it didn't do anything Thanks for the help though, Ken Quote Link to comment Share on other sites More sharing options...
werty37 Posted January 20, 2008 Share Posted January 20, 2008 Hi So I have this PHP file with contents I want to run strictly as an external file: <script src='blah.php'> In that PHP file, I'm currently using $_SERVER['HTTP_REQUEST'] to check the site using it, but the problem is if the user were to put up a link and click it, that won't work. Is there any method to prevent this linking? You want blah.php to be accessed by say index.php and not by others right.... put the above code in blah.php at the top. Regards Sujith Quote Link to comment Share on other sites More sharing options...
mike177 Posted January 20, 2008 Share Posted January 20, 2008 Hi, if everything else fails, and I don't mean to be a smart %&* plus you've probably already tried it but maybe pay a little visit to Google. It wouldn't hurt. Quote Link to comment Share on other sites More sharing options...
Nhoj Posted January 20, 2008 Share Posted January 20, 2008 If you're trying to include this file with say: include('file.php'); You can put: if (strpos($_SERVER['PHP_SELF'], 'file.php') !== false) { die('You cannot access this file directly...'); } To keep people from visiting the page in their web browser. If you are trying to include the page with say <img src="file.php"> You could try also checking $_SERVER['HTTP_REFERER']. If you were to check HTTP_REFERER you could check to see if the page was requested from your site. if ($_SERVER['HTTP_REFERER'] != 'http://'.$_SERVER['SERVER_NAME'].'/file.php') { die('You cannot access this file directly...'); } With that, if someone were to link to the file or include it in any html src tag on your site, it would work, but if they tried it anywhere else it wouldn't... Otherwise I don't think there's any way to make it so only <tag src="file.php"> is possible but linking is not on both your site and other sites. Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted January 20, 2008 Author Share Posted January 20, 2008 Hi Ken2k7, Add this code to the beginning of the file and others wont be able to access the file directly. Hope this is what you needed Cheers Sujith Hello werty37, If I put that code up, then the external wouldn't work either. I don't want that. @Nhoj: I don't understand what strpos($_SERVER['PHP_SELF'],'file.php') does. Can you explain? Thanks, Ken Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted January 20, 2008 Author Share Posted January 20, 2008 *bump* Any other suggestions? Quote Link to comment Share on other sites More sharing options...
teng84 Posted January 20, 2008 Share Posted January 20, 2008 does this doest sort this out $_SERVER['HTTP_REFERER'] can you explain a lite more? Quote Link to comment Share on other sites More sharing options...
Nhoj Posted January 21, 2008 Share Posted January 21, 2008 strpos (http://us2.php.net/manual/en/function.strpos.php) checks to see if the file name is inside the $_SERVER['PHP_SELF'] variable.... Meaning, if the name of your file is in the $_SERVER['PHP_SELF'] variable, someone is accessing the page directly, otherwise if it were used in an include() or require() function it would have the parent files $_SERVER['PHP_SELF'] value. Also, $_SERVER['HTTP_REFERER'] is used to determine the place that refered the user to the file... For example... If you were to make a file and put it on your website, lets say http://www.mydomain.com/file.php and inside file.php you placed: <? echo $_SERVER['HTTP_REFERER']; ?> If someone were to link to your page on say, myspace.com and a user clicked the link it would echo something to the effect of: 'http://www.myspace.com'. If someone simply typed the url of your page in the address bar, it wouldn't display anything at all, because no one refered the user to the link. Hope this helps.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.