PHP - Block Direct Access To Certain Pages.

I've got a question, I thought I'd be able to do this fairly easily. I don't want to do an .htaccess solution also.

I tried this,

define('ACCESS', TRUE);


// then on other page 
 if(!defined('ACCESS'){die('Direct access not allowed.');}


Need some assistance, appreciated.

I have solved this now.

I am using the debug_backtrace() php function to prevent direct access to admin files. i simply place the code below at the top of a page eg config.php and direct access via the browser is prevented.   Is it a safe practice or is there a better way of doing it?

<?php

debug_backtrace() || die ("Direct access to this resource is  forbidden");

?>

Thanks

I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2

So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located.

How to prevent direct access to the file when called through a Ajax?

This topic has been moved to PHP Applications.

http://www.phpfreaks.com/forums/index.php?topic=348274.0

Hi guys so i want to make page acces to certain ranks.

So im thinking for something like this

    rank1 -> home.php, admins.php
    rank2 -> home.php
    rank3 -> home.php
    rank4 -> home.php

So the ranks are in a database with the page names. So now when someone logs in they will get a certain rank. So now i need to make a function that will check if the rank has access to this page.

$curPageName = substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);

This will detect the current page that the logged in person is at now. But now how do i check if the $_SESSION['rank']; (rank1) has the access to get in page admins.php, and obviously to make $_SESSION['rank'];(rank2) redirect from the page admins.php

Could someone point me in the right direction? Do i select the ranks and page names from database then put it into a array?

Thanks.

Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor.   What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages.   I hope you understand what i'm asking if not fell free to ask me if you need more specific details.   I tried to make a php page called access.php wher i put the following code, but not working

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
	echo "You are not the proper user type to view this page";
    die();
  }
?>

Hope you can help me. Thx in advance for help.

I just finished a page of code that passes all the debug tests except for the very last line on the page. </html>. The page has php and html, java script and some SQL. (see I'm learning and hadn't placed a post until I exhausted my limited resources.

The Error Codeis:
PHP Parse error: syntax error, unexpected $end in C:\wamp\www\registerform.php on line 292

Here's my concern:

I read this error statement as an error()is missing. Please clarify something for me, You start the php code with <?php and end it with ?>.

 I also understand that the end() will stop all further operation. Correct. When you have a form call itself  for data checking,   and if the data is correct, send it to the appropriate database table, does one need to place the end() at the end of the php portion of the code? And if so, will it not stop any of the code from being read the first time the page is called?

Also since the FORMs action calls for the page to load itself for data verification, how at the end of the checking do I go call another page?
here's the page:

The page is attached:

I have my template files and some functions in my server which are available for direct reach.
like ;
my "index.php" file includes "loginpage.php" form which is ok when I enter www.site.com/index.php

but also when I enter to www.site.com/loginpage.php it works and shows me just login page. So  this is what I dont want. How can I prevent to reach the files directly like this, I want them to work just for other pages of my website, not for directly seeing.

By the way can this problem also be solved by hosting settings or mod_rewrite ?

I've just done a Contact Me form.

Once a message has been sent, I'd like to direct the user to a new page saying 'thanks for getting in touch', just so it's clear the message has been sent.

What's the best function to use for that? I tried require("message.php") and include() but the two files got mixed up and all I got was a mess!

Thanks in advance for any help

Trying to sort out setting a cookie that allows visitor to decide which sub domain to go directly to in subsequent visits.

Somewhat complicated by the fact that the sub domains are running seprate instances of wordpress.

Here's the code... any suggestions appreciated!

Code: [Select]
<?php
if (isset($_POST['submitted']))
{
$site=$_POST['site'];
setcookie("SitePref",$site, time() + 60*60*24*30, 'historybee.com');
if ($site == 'ms')
{
header("Location: http://ms.historybee.com/"); 
} 
elseif ($site == 'hs') 
{
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
}

} else {

//if we have a cookie, load the site
if (isset($_COOKIE['SitePref'])) 
{
if (($_COOKIE['SitePref']) == 'hs') {
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
    } else { 
header("Location: http://ms.historybee.com/");
}

} else { //if we don't have a cookie, load the form ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>The National History Bee</title>
</head>
<body style="margin:0;padding:0;background: url('http://ms.historybee.com/wp-content/themes/makinghistoryblue/img/body_bg_hb5.jpg') repeat-x scroll center top #F2BF3B;">

<div align="center" style="width:800px;margin:0 auto;background:#fff;">

<p><img src="http://ms.historybee.com/wp-content/themes/makinghistoryblue/img/nhb_logo.png">

<p><h1>Welcome to the National History Bee!</h1>

<p>The National History Bee has both High School and Middle School competitions.

<p>Please choose which site you would like to visit.  Your choice will be remembered for 30 days.

<form action= "<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">

<input type="radio" name="site" value="ms"> Middle School Competition

<input type="radio" name="site" value="hs"> High School Competition

<input type ="hidden" name="submitted" value="true">

<p><input type="submit" value="Remember My Choice">
</form>
<br /><br /><br />
</div>
</body>
</html>

<?php } } ?>

Hello everyone, I have a question.

I'm trying to figure out a way to make it so that when a user visits a page for a certain file, they are given the file to download but can't see the link to that file.

Example:
There is a file on http://serverB.com/file.rar
A person goes to http://serverA.com/?file=file.rar
They can download http://serverB.com/file.rar without seeing the link to that file.

Is there any way to do this?

Thanks.

Hello,
I  want to prevent this page from being directly accessed by all via just putting its address in the address bar:
http://www.mysite.com/page1/page2/signup.php

I want to allow to be accessed this page only via clicking on a link in a particular page like:
http://www.mysite.com/activate/index.php

Please help me.

we have already see the facility in website gmail and facebook that when user log-in successfully then its redirects the page to another page automatically, can someone tell me how to redirect the page when log-in becomes successful ?   User tries to Log-in -> create session variable -> now redirect the page   I can verify user account details and set the session variable at the same time, but how to reload the page so that it finds the session and reload itself and then redirect the page to new page ??   Thanks for sparing your time here !!

Hello,

I'm having some major major issues, with a web hosting / PHP / MySQL database issue and if anyone can help that would be amazing! Okay first I have a MySQL database setup, with a table called "staff", within that there is a "username" and "password" field pretty self explanatory. I have a login in page (login.php) see first set of coding and a loginaction (loginaction.php) and what is suppose to happen is the loginaction checks the posted data against the database and if correct relocate to another page. I have had this coding and much more complex coding working on various other servers, but this is the first time I've ever dealt with BT Business webhosting, which is pretty useless right now and poor help to date from technicians who say it is a purely a coding issue. 

From what I have established I believe that the issue is occuring because BT don't have the apache server setup correctly for what I'm trying to do or that the browser is seeing the "$result" on "loginaction.php" and data, resulting in a white page of  certain doom!

Please help!!


login.php
[<?php include "sections/phparea.php";?>
<?php include "sections/header.php";?>
<?php include "sections/left.php";?>
    <!-- start content -->
        <div id="content">
                          <?php
                              // Include the formatted error message
                              if (isset($_SESSION['message']))
                            echo
                              "<h4>".$_SESSION['message']."</h4>";
                              // Generate the login <form> layout

                         ?>                 
                         <form action="loginaction.php" method="post" enctype="multipart/form-data">
                         <table class="tablelogin" >
                                 <tr>
                                 <td>
                                    <label for="email">E-mail Address</label>                               
                                </td>
                                 <td>
                                    <input type="text" name="email" id="email" />                               
                                </td>
                            </tr>
                            <tr>
                                <td>
                                    <label for="password">Password</label>                               
                                </td>
                                <td>
                                    <input type="password" name="password" id="password" />                               
                               </td>
                            </tr>
                            <tr>
                                <td>&nbsp;
                                   
                                </td>
                                <td>
                                    <a href="../ambustar/accountrecovery.php">Forgotten Password?</a>   
                                </td>
                            </tr>
                            <tr>
                                <td>&nbsp;
                                   
                                </td>
                                <td>&nbsp;
                                   
                                </td>
                            </tr>
                            <tr>
                                <td>
                                </td>
                                <td>
                                    <input type="hidden" name="count" id="count" value="1" />
                                    <input type="reset" name="reset" id="reset" value="Clear" />   
                                    <input type="submit" name="submit" id="submit" value="Log in" />   
                                </td>
                            </tr>
                          </table>
                         </form> 
        </div>
        <!-- end content -->
<?php include "sections/right.php";?>
<?php include "sections/footer.php";?>


                ]
loginaction.php
[<?php
    session_start();
   
    include "dbconnect.php";
   
    $email =$_POST["email"];
    $password =$_POST["password"];
    $query = "SELECT * FROM staff WHERE username = '$email' AND  password = '$password'";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    // see if any rows were returned
    if (mysql_num_rows($result) > 0)
    {
        header("Location: test.php");
    }
    else
    {
        header("Location: login.php");
    }
?>
       
]
dbconnect.php
[<?php
    $hostname = "sql5c30a.carrierzone.com";
    $username = "user";
    $password = "password";
    $databaseName = "main_bikescarsandvans_co_uk";
    $connection = mysql_connect($hostname, $username, $password);   // or die ("Unable to connect!")
    mysql_select_db($databaseName) or die ("Unable to select database!");           
?> ]