|
PHP - Deny Direct Access To A Php File
I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also.
I tried this, define('ACCESS', TRUE); // then on other page if(!defined('ACCESS'){die('Direct access not allowed.');} Need some assistance, appreciated. Similar TutorialsA shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.
When Visitors come to my page, my PHP code:
$Shipping_Label_Data = $LabelVendor->data[0]->contents; // vendor's API echo '<img src="/Label-Directory/'.$Order_Number.'.png" />'; Later I realized the security flaw: any snooper can fish for other Visitor's labels in my Label directory. What is the best way to prevent the display of other people's labels? Thank you!! I have solved this now. please it is very important!! I have a script (main file is index.php) that is called into an iframe src via an url reference... http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php works perfectly!!.. How can i prevent someone getting direct url access to the file? if someone were to take the url: http://www.xxxx.com/folder/userfolder/folderwithemailname/index.php and place it into the address bar, they have access to the file... points to note: -i have no database for this script, -the iframe is called directly into a html file, - i dont know the userfolder or the emailfolder names, - and the index.php is linked to several other .php and .js and .html files in different folders.... // i can add something like this to these file:(i found this on the net). Add this to the page that you want to only be included <?php if(!defined('MyConst'){die('Direct access not premitted');} ?> then on the pages that include it add <?php define('MyConst', TRUE); ?> this will prevent the files being accessed, but then i cant access the file via the iframe url.. please any ideas??? best regards Tony I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2 So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located. How to prevent direct access to the file when called through a Ajax? I have a php form for uploading file as the action sends to upload.php. How I can avoid any kind of direct access to upload.php? I want to kill the php process at the first line without performing the remaining code (it is very critical for me as I have a counter), except calls coming from form.php. Hello everyone, What is the best method of blocking direct access to certain files like functions, modules, and etc? I was trying the if ( ! defined('BASEPATH')) exit('No direct script access allowed');method but I feel like there must be a more convenient/better way. Any suggestions are appreciated, thank you. I want to perform a php process initiated by AJAX according to the method described in http://www.w3schools.com/PHP/php_ajax_database.asp with this line Code: [Select] xmlhttp.open("GET","getuser.php?q="+str,true); the php process in getuser.php is initiated. But how I can restrict direct access to getuser.php? If someone visit getuser.php?q=something; the process will be started for "something". I want to run the getuser.php process only and only when it is initiated from my main page. Hi, I am struggling to find an answer here.. If for example my iframe source, file.php has a initcheck/direct access block, how can i still have access to it in an iframe? <center><iframe name="frame1" id="frame1" style="width: 100%; height: 120px; z-index: 0; " scrolling="0" src="file.php" frameborder="0"></iframe></center> //then the file.php has an initcheck and itself includes multiple other files so i cant remove the initcheck.. //header of file.php // ################################################################ defined( '_MYAPP_INITCHECK' ) or die( '' ); // ################################################################ I am using the debug_backtrace() php function to prevent direct access to admin files.
i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.
Is it a safe practice or is there a better way of doing it?
<?php
debug_backtrace() || die ("Direct access to this resource is forbidden");
?>
Thanks
I've just done a Contact Me form. Once a message has been sent, I'd like to direct the user to a new page saying 'thanks for getting in touch', just so it's clear the message has been sent. What's the best function to use for that? I tried require("message.php") and include() but the two files got mixed up and all I got was a mess! Thanks in advance for any help In the form below how do I alter the code so when someone types something into the email that is clearly not recognized an an email address it either asks the customer to recheck or fails
<tr>
<td align="right"><?php echo $LANG['index_email_add']; ?> </td>
<td>:</td>
<td align="left"> <input name="email" type="text" id="email" required></td>
</tr>
<tr>
<td align="right"><?php echo $LANG['index_pass'] ; ?></td>
<td>:</td>
<td align="left"><input name="password" type="password" required id="password"></td>
</tr>
<tr>
<td align="right"><?php echo $LANG['postcode'] ; ?> </td>
<td>:</td>
<td align="left"><input class="input" id="geocomplete" type="text" placeholder="<?php echo $LANG['index_location']; ?>" name="address" required>
<input name="action" type="hidden" id="action" value="joinNow" /></td>
</tr>
The problem I have is that any data can be added to the 3 fields and by anything even using !@#$%^&*():"{}';<>.,
How do I prevent those special characters from being used.
When it asks for email I can enter ;
When it asks for password I can enter '
and last PostCode I can enter: ]
How to prevent this from happening?
Thanks
hi guys. i need some help with some code i wrote. i have a login script where there are some cookies get set like this: setcookie('user_id', $row['user_id']); in a logout script these cookies are supposed to be deleted and lost into oblivion... like this: setcookie('user_id', '', time() - 3600); The thing is... cookies wont die! i use firefox 3.6.8. i have tried some things like changing the ('') quotes with the ("") quotes. i ve changed the time to : time() - 993600 just to be sure. i ve even used the unset fucntion like this: unset($_COOKIE['user_id']); Even the cookie created by the session_start() is not get deleted with this: if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 93600); unset($_COOKIE[session_name()]); } does anyone have any idea what am i doing wrong. please? thank you for your time. Hi guys, I am making a site where users upload files (like images, pdfs, etc) to the server. My question is, how does Facebook handle file permissions, restricting access to files uploaded to their servers based on what a user sets? Because I need to implement a similar thing and have no idea how to do it in a clean way. I have had two thoughts on storing the files 1) in a DB or 2) in a folder out of the wwwroot, which would prevent access by anyone without knowing the path (or some such) but it is the more "real" permissions implementation I am stuck on. I obviously would like to achieve this with PHP and MySQL(i). Any help is much appreciated. Cheers in advance. I have created a lightbox where you can accept of deny friends. Each friend that is displayed has approved or deny buttons next to them. The approve button has a name like... approverequest[2] The delete button has a name like... denyrequest[2] where 2 is the users id My problem is that I can't get the data to update in mysql. Am I going about this the wrong way? Code: [Select] if (isset($_POST['acceptrequest'])) { if (is_array($_POST['acceptrequest'])) { $keys = array_keys($_POST['acceptrequest']); $id = $keys[0]; $sql = "UPDATE `partners` SET `approved` = 1, `approved_date` = NOW() WHERE `user_id` = '$id'"; header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] ); } } else if (isset($_POST['denyrequest'])) { if (is_array($_POST['denyrequest'])) { $keys = array_keys($_POST['denyrequest']); $id = $keys[0]; $sql = "UPDATE `partners` SET `approved` = -1, `approved_date` = NOW() WHERE `user_id` = '$id'"; header("Location: " . $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'] ); } } if (isset($sql) && !empty($sql)) { mysql_query($sql); } Is it possible to allow a script running on another server to write/read a specific file on my server? I can set file permissions, but not having any luck with file paths due to php5 blocking http:// urls. Hello everybody , This is my first topic here and I hope I will find the solution for my problem. I want to restrict access to file (for exemple: http://www.mysite.com/files/file0000.zip) to a just a specific IP that will be read from the database. And also store all other IPs trying to access this file. Can this be done, maybe through some php and htaccess? Thank you for any help or any other ideas. I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it. For example. I have page called home (home.php) and on that page i have an ajax call, which calls a file called ajax.php. I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page. is this possible? I have a weird kind of problem. I uploaded all upload-directories through FTP which have 777 permissions and owner name 'abc' This means I can access all of them through the codes. But while creating files inside those full permitted directories, the compiler complains for access denied. Meanwhile, a different directory is created with same name whose owner is 'apache' itself and the previous directory is lost. Then I cannot change the permissions of that directory through FTP. I don't if it is apache server's problem itself or not. Or is it a way to define user while creating/editing/deleting files and directories through php code itself? I have a MS Access database file hosted on my Godaddy server. I would like a simple php script to be able to access it and return values from it when I enter info from drop down boxes. Eg column one is item name Column two is price Column three is items remaining I want to pick an item from column one and have the appropriate values from columns two and three returned. I have done many searches but most reveal php scripts that interrogate SQL databases. Excuse my ignorance but are these what I want? If not can anyone please get me going on a php script? Ideally I don't want to change the format of the MS access database - I have it in xls and simply export and save it to access. If there is a simple way of reading directly from a specific tab in Excel that would be a better solution. Thank you.
RewriteCond %{HTTP_HOST} !^www.example.com.au$ [NC]
RewriteCond %{HTTP_HOST} !^https://www.example.com.au$ [NC]
RewriteRule ^(.*)$ http://www.example.com.au/$1 [R,L]
Hi All
I have my website 90% working on https, fully working on http and I have managed to redirect from none www to www
What I am looking to do it if the user happens to enter https then make them go to my www version
I have manage to get them to go to my www version if they do not put in www but I am lost in how to redirect them from https to http
here is what I have so far and I just cannot figure it out
thanks
Alan
|
|||||||