/    Sign up×
Community /Pin to ProfileBookmark

block php page in public view. but still able to use by other page.

Copy linkTweet thisAlerts:
Nov 28.2012

block php page in public view. but still able to use by other page.

hi, I’m working on a website that has ajax live search(search.php) on it, search.php calls in from another php page to search in database, it works just fine, the problem is search.php can be typed in url and display all data from database. I tried googling it, still don’t have clear idea how to solve it. I’ve read that it can be done in .htaccess, also by changing permission… I just want to be enlightened how to properly fix the problem. thanks

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@NogDogNov 28.2012 — If it's a question of only wanting it to be accessed via include()/require(), a few approaches:

  • - Move the included file outside of the web document root directory hierarchy.

  • - Give it a name with a distinct suffix that you then disallow via the web server (e.g. via the .htaccess file)

  • - Compare the script's file name against that of $_SERVER['SCRIPT_NAME'], and if the same exit (and maybe first send a 404 header)

  • - Set a constant in the main script that would do the including of the file in question, and if that constant is not defined, exit (and 404?)
    • Copy linkTweet thisAlerts:
    @DerokorianNov 28.2012 — Option 4 is what I generally use. The top of all my files (except for index.php) look like this:

    [code=php]if( !defined('ROOT') ) { header('HTTP/1.0 404 Not Found'); exit; }

    // actual code for the file here[/code]
    Copy linkTweet thisAlerts:
    @simplypixieNov 29.2012 — I presume you are sending posted data to the search.php page, in which case, all you need to do is check if data has been posted and if not then redirect to another page. In search.php
    [code=php]<?php
    if (!isset($_POST)) {
    header("location: index.php");
    } else {
    //Do your search here
    }[/code]
    ×

    Success!

    Help @s4m spread the word by sharing this article on Twitter...

    Tweet This
    Sign in
    Forgot password?
    Sign in with TwitchSign in with GithubCreate Account
    about: ({
    version: 0.1.9 BETA 5.16,
    whats_new: community page,
    up_next: more Davinci•003 tasks,
    coming_soon: events calendar,
    social: @webDeveloperHQ
    });

    legal: ({
    terms: of use,
    privacy: policy
    });
    changelog: (
    version: 0.1.9,
    notes: added community page

    version: 0.1.8,
    notes: added Davinci•003

    version: 0.1.7,
    notes: upvote answers to bounties

    version: 0.1.6,
    notes: article editor refresh
    )...
    recent_tips: (
    tipper: @AriseFacilitySolutions09,
    tipped: article
    amount: 1000 SATS,

    tipper: @Yussuf4331,
    tipped: article
    amount: 1000 SATS,

    tipper: @darkwebsites540,
    tipped: article
    amount: 10 SATS,
    )...