avoid direct accessing

@danisupr4Nov 07.2006

i have php file whose frame in it.
Let’s say:
<iframe src=”a.php” ….></iframe>
How can I avoid user not to typing the address ‘a.php’ on the address bar.
Shortly, I dont want the user have direct illegal access to ‘a.php’

to post a comment

PHP

7 Comments(s) _↴

@pcthugNov 07.2006 — #To include it:

[code=php]
 <?php @include './a.php'; ?>
 [/code]

And in the [I]a.php[/I] file put:

[code=php]
 <?php
 if(basename($_SERVER['PHP_SELF']) == 'a.php')
 exit('Sorry, this file does not allow direct illegal access.');
 ?>
 [/code]

@bokehNov 07.2006 — #[code=php]basename($_SERVER['PHP_SELF']) != basename(__FILE__) or die;[/code]Or:[code=php]basename($_SERVER['PHP_SELF']) == basename(__FILE__) and die;[/code]

@grumpyoldtechsNov 07.2006 — #or just put a .htaccess file in the includes file with:

Deny from all

then <?php include "includes/a.php"; ?>

It really baffles me why your using something which is such bad practice (an iframe) when your using such a beautiful language such as php.

I frames are for people who don't know any better and websites made back in 1991

@danisupr4authorJan 02.2007 — #if i wrote this in 'a.php':

[code=php]
 $base = basename($_SERVER['HTTP_REFERER']);
 if (empty($base)) {
 header('Location:someplace.php?message=dummy');
 }
 [/code]

what is the difference ??

is there any vulnerability there?

@danisupr4authorJan 02.2007 — #Sorry, maybe OOT, but what is the difference if wrote:

[code=php]
 <?php include 'a.php'; ?>
 [/code]

and

[code=php]
 <?php @include 'a.php'; ?>
 [/code]

@bathurst_guyJan 02.2007 — #@ supresses errors (if errors occur, they are not echoed or displayed to the browser)

@bokehJan 02.2007 — #is there any vulnerability there?[/QUOTE]From what perspective? Any vunerability revolves around [I]HTTP_REFERER[/I] being a user defined variable.

Also in #PHP _↴

header function to open new window looking for help creating cookie popups How to add two days to Date function?

Success!

Help @danisupr4 spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 6.17,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...

avoid direct accessing

7 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

avoid direct accessing

7 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

7 Comments(s) _↴

Also in #PHP _↴