PHP - Prevent Direct File Access

I have my template files and some functions in my server which are available for direct reach.
like ;
my "index.php" file includes "loginpage.php" form which is ok when I enter www.site.com/index.php

but also when I enter to www.site.com/loginpage.php it works and shows me just login page. So  this is what I dont want. How can I prevent to reach the files directly like this, I want them to work just for other pages of my website, not for directly seeing.

By the way can this problem also be solved by hosting settings or mod_rewrite ?

Hello,
I  want to prevent this page from being directly accessed by all via just putting its address in the address bar:
http://www.mysite.com/page1/page2/signup.php

I want to allow to be accessed this page only via clicking on a link in a particular page like:
http://www.mysite.com/activate/index.php

Please help me.

I have a php form for uploading file as the action sends to upload.php. How I can avoid any kind of direct access to upload.php? I want to kill the php process at the first line without performing the remaining code (it is very critical for me as I have a counter), except calls coming from form.php.

Hello everyone,

What is the best method of blocking direct access to certain files like functions, modules, and etc?

I was trying the
if ( ! defined('BASEPATH')) exit('No direct script access allowed');method but I feel like there must be a more convenient/better way.

Any suggestions are appreciated, thank you.

I want to perform a php process initiated by AJAX according to the method described in http://www.w3schools.com/PHP/php_ajax_database.asp

with this line
Code: [Select]
xmlhttp.open("GET","getuser.php?q="+str,true);
the php process in getuser.php is initiated. But how I can restrict direct access to getuser.php?

If someone visit getuser.php?q=something; the process will be started for "something". I want to run the getuser.php process only and only when it is initiated from my main page.

Hi,
I am struggling to find an answer here.. If for example my iframe source, file.php has a initcheck/direct access block, how can i still have access to it in an iframe?


<center><iframe name="frame1" id="frame1" style="width: 100%; height: 120px; z-index: 0; " scrolling="0" src="file.php" frameborder="0"></iframe></center>


//then the file.php has an initcheck and itself includes multiple other files so i cant remove the initcheck..

//header of file.php
// ################################################################
defined( '_MYAPP_INITCHECK' ) or die( '' );
// ################################################################

I was asked to make new thread for this, so how do I use a session or something to restrict access to a page.....like if accounttype=Admin, stay here, all others go away......do you need to see code, or can you just give me an example.......

Hiya,

Firstly, I'm a complete novice, apologies! But I have got my upload.php working which is nice. I will post the code below.

However, I would now like to restrict the file size and file type to only word documents.

I currently have a restriction of 200KB but it's not working - no idea why as I've looked at other similar codes and they look the same.

Also, just to complicate things - can I stop files overwriting each other when uploaded? At the moment, if 2 people upload files with the same name one will overwrite the other.

Is this too many questions in 1?

Any help is very much appreciated!

Code below:

Code: [Select]
<form enctype="multipart/form-data" action="careers.php" method="POST">
        Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>

<?php 
 $target = "upload/"; 
 $target = $target . basename( $_FILES['uploaded']['name']) ; 
 $ok=1; 
 
 //This is our size condition 
 if ($uploaded_size > 200) 
 { 
 echo "Your file is too large.<br>"; 
 $ok=0; 
 } 
 
 //This is our limit file type condition 
 if ($uploaded_type =="text/php") 
 { 
 echo "No PHP files<br>"; 
 $ok=0; 
 } 
 
 //Here we check that $ok was not set to 0 by an error 
 if ($ok==0) 
 { 
 Echo "Sorry your file was not uploaded"; 
 } 
 
 //If everything is ok we try to upload it 
 else 
 { 
 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
 { 
 echo "Your file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded."; 
 } 
 else 
 { 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 } 
 ?>

I've just done a Contact Me form.

Once a message has been sent, I'd like to direct the user to a new page saying 'thanks for getting in touch', just so it's clear the message has been sent.

What's the best function to use for that? I tried require("message.php") and include() but the two files got mixed up and all I got was a mess!

Thanks in advance for any help

Hi guys,

I am making a site where users upload files (like images, pdfs, etc) to the server.

My question is, how does Facebook handle file permissions, restricting access to files uploaded to their servers based on what a user sets?
Because I need to implement a similar thing and have no idea how to do it in a clean way.

I have had two thoughts on storing the files 1) in a DB or 2) in a folder out of the wwwroot, which would prevent access by anyone without knowing the path (or some such) but it is the more "real" permissions implementation I am stuck on.

I obviously would like to achieve this with PHP and MySQL(i).

Any help is much appreciated.

Cheers in advance.

Hello everybody  ,
This is my first topic here and I hope I will find the solution for my problem.
I want to restrict access to file (for exemple: http://www.mysite.com/files/file0000.zip) to a just a specific IP that will be read from the database. And also store all other IPs trying to access this file.
Can this be done, maybe through some php and htaccess?

Thank you for any help or any other ideas.

Is it possible to allow a script running on another server to write/read a specific file on my server?  I can set file permissions, but not having any luck with file paths due to php5 blocking http:// urls.

I have a file that an ajax function calls on my site, and I want to make sure only the right pages access it.

For example.

I have page called home (home.php) and on that page i have an ajax call, which calls a file called ajax.php.

I want to make sure that when ajax.php is being executed, it is being executed via an ajax call, which is coming from the home page.

is this possible?

I have a MS Access database file hosted on my Godaddy server.
I would like a simple php script to be able to access it and return values from it when I enter info from drop down boxes.

Eg column one is item name
Column two is price
Column three is items remaining

I want to pick an item from column one and have the appropriate values from columns two and three returned.

I have done many searches but most reveal php scripts that interrogate SQL databases.
Excuse my ignorance but are these what I want?

If not can anyone please get me going on a php script?
Ideally I don't want to change the format of the MS access database - I have it in xls and simply export and save it to access. If there is a simple way of reading directly from a specific tab in Excel that would be a better solution.

Thank you.

I have a weird kind of problem.
I uploaded all upload-directories through FTP which have 777 permissions and owner name 'abc'
This means I can access all of them through the codes.
But while creating files inside those full permitted directories, the compiler complains for access denied.
Meanwhile, a different directory is created with same name whose owner is 'apache' itself and the previous directory is lost.
Then I cannot change the permissions of that directory through FTP.
I don't if it is apache server's problem itself or not.
Or is it a way to define user while creating/editing/deleting files and directories through php code itself?