TalkPHP


sarmenhb 04-24-2008 05:16 AM

how to block a user from viewing a specific page
 
I'm wondering how I would be able to program this.

Say I have pages that don't have anything on them but have backend code.

How do I block people from typing that page into the URL and viewing it?

delayedinsanity 04-24-2008 06:15 AM

a) Don't put it in your document root. Have scripts call it from a different location.

b) If you have an Apache server, deny it with .htaccess or in your httpd.conf

c) Make sure the file extension is .php so that the code will be parsed and unviewable in the browser.

d) Put up a stop sign.

e) Password protect the directory (view .htpasswd or whatever your server uses).

f) Disable indexes.

g) If you have a user authentication system and the script is an administration script of some sort, check for administrative authorization or kill the script if it's not found.

It all depends on the specifics of what you're doing, and why you're doing it.
-m

maZtah 04-24-2008 10:52 AM

PHP Code:

// Define something in your main files which are accessible (like index.php)
define('SYSPATH', 'path_or_something');

// Now put in every include file a check if the main file is loaded
defined('SYSPATH') or die('No direct script access.'); 

You can define whatever you like, this is just how Kohana does the trick :)

Village Idiot 04-24-2008 01:53 PM

At the beginning of every file, put something like
PHP Code:

define('IN_SCRIPT',true); 

And at the beginning of every source file that you don't want directly accessed:
PHP Code:

// defined() is needed here: an undefined IN_SCRIPT is never false on its own
if(!defined('IN_SCRIPT')){die("No Direct Access");}


Evulness 04-24-2008 02:05 PM

I've been using...

Code:

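//on index page
define ('SysFile', '1');

//on every page that is to only be viewed if accessed via index.php before EVERYTHING...
//defined() avoids the undefined-constant warning (an Error in PHP 8) on direct access
if (!defined('SysFile') || SysFile != '1')
{
    die ('Attempting to access Restricted file!');
}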

That will check if SysFile = 1; if SysFile isn't defined, the script dies.
You could do a header('Location: http://site.com/index.php') instead of die().

Something I just thought of... writing a little script to log attempts to access restricted files: HTTP_REFERER, IP, time, etc... so you can see when, who... I'll post something about this later, 'cause I just had some crazy ideas, heh.

sarmenhb 04-25-2008 01:31 AM

On the top of my page I put

define('accesslevel', true);
if(!accesslevel) { header("Location: index.php"); }


and I loaded the page and nothing happened.
What am I missing?

(Well, obviously it won't work, so what else do I need to put?)

delayedinsanity 04-25-2008 01:52 AM

Well, if those are both on the same page, then ACCESSLEVEL is true, and therefore the if statement doesn't execute.

Just a note for security purposes, if you want to make sure that nobody is going to view your page, you may want to add exit() or die() after the header() statement. Good ole lynx doesn't care about your headers if it doesn't want to.
-m

sarmenhb 04-25-2008 02:02 AM

this worked for me

define('noaccess', false);
if(!noaccess) { header("Location: login.php"); }

delayedinsanity 04-25-2008 02:20 AM

PHP Code:

if (!NOACCESS) {
    header("Location: http://www.yoursite.com/login.php");
    die("aaaAAAaaaUUUuuuUuurrgh.");
}



Nor 04-25-2008 03:02 AM

Also don't forget the
PHP Code:

if(!defined('NOACCESS'))
{
    //
}
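
Added example, not part of any post in this thread: one guard that combines the suggestions above (a defined() test, exit after the response header, and a log entry for each blocked request). The names APP_ENTRY and deny_direct_access() and the log line format are assumptions made for illustration.

```php
<?php
// Added example; APP_ENTRY, deny_direct_access() and the log line format
// are assumptions chosen for illustration.

function deny_direct_access(string $constant = 'APP_ENTRY'): void
{
    // defined() takes the name as a string, so a missing constant is never
    // evaluated. A bare `!APP_ENTRY` test differs: PHP 7 and older turn the
    // undefined name into the truthy string 'APP_ENTRY' (the guard never
    // fires) and PHP 8 throws an Error instead.
    if (defined($constant)) {
        return;
    }

    // Request fields are attacker-controlled: replace control characters so
    // a crafted Referer or User-Agent cannot forge extra log lines.
    $field = static function (string $key): string {
        $value = (string) ($_SERVER[$key] ?? '-');
        return preg_replace('/[\x00-\x1f\x7f]/', '?', $value) ?? '?';
    };
    error_log(sprintf(
        'direct access blocked: ip=%s uri=%s referer="%s" agent="%s"',
        $field('REMOTE_ADDR'),
        $field('REQUEST_URI'),
        $field('HTTP_REFERER'),
        $field('HTTP_USER_AGENT')
    ));

    if (!headers_sent()) {
        http_response_code(403); // or header('Location: /index.php');
    }
    // Always stop here: a client is free to ignore a redirect, and without
    // exit the rest of the file would still run.
    exit('No direct script access.');
}

// The entry point (index.php) runs this before including anything:
//     define('APP_ENTRY', true);
// Every include-only file then starts with the call below. Requested
// directly, APP_ENTRY is missing, so the request is logged and stopped.
deny_direct_access();
echo "included through the entry point\n";
```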




All times are GMT.