  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1429

Restrict direct access to file

Hey,

I have a remote PHP file that echoes out some javascript on another domain.  The PHP file accepts GET values.  How could I go about preventing users from directly accessing the PHP file from the address bar, but the remote file that is linked still works?

So I want to stop users going to..

http://mydomain.com/out/remote.php

But if the PHP file is called like so...

<script type="text/javascript" src="http://mydomain.com/out/remote.php?user=yarr"></script>

It will continue to work fine.

I'm thinking maybe .htaccess?

Thanks
0
pD_EO
Asked:
pD_EO
  • 2
1 Solution
 
dancablam Commented:
Hey there,

I recommend putting something like this at the top of your script:

if(empty($_SERVER['HTTP_REFERER'])) exit;

Note that it isn't the most secure or robust thing you could do, but it's by far the easiest.
0
 
pD_EO (Author) Commented:
Hi,

Yeah, already thought about doing it that way.  Some people turn off referrers though.

Any other ideas? :)

Thanks
0
 
pixaya Commented:
Hi,

You can check whether any parameters were passed with the request by doing the following:

if($_SERVER['QUERY_STRING']!==""){
      print('allowed');
}else{
      print('not allowed');
}

You could also check that the user parameter was passed by doing this:

if(isset($_GET['user'])){
      print('allowed');
}else{
      print('not allowed');
}

It's not exactly hacker proof, but to stop the everyday user from requesting the page directly it should be enough.

Craig.
0
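The Referer check and the `user` parameter check from the two answers above, combined into one script as an added example (not code posted in the thread). It also JSON-encodes the GET value before echoing it into the generated JavaScript. Assumptions: the allowed host list, the user-name format, and the names `ALLOWED_HOSTS`, `classify_request`, `render_script` and `remoteUser` are hypothetical.

```php
<?php
// Added example, not code from the thread. ALLOWED_HOSTS, classify_request,
// render_script and remoteUser are assumed names; example.com is a placeholder.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

// Both inputs are client-controlled: this is a deterrent, not access control.
function classify_request(array $server, array $get): string
{
    // pixaya's check: the embedding <script> tag always sends ?user=...
    // (the accepted name format is an assumption)
    $user = $get['user'] ?? '';
    if (!is_string($user) || !preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $user)) {
        return 'deny';
    }
    // dancablam's check, narrowed to known embedding hosts.
    $referer = $server['HTTP_REFERER'] ?? '';
    if (!is_string($referer) || $referer === '') {
        // Referrers may be turned off (the asker's concern): explicit policy.
        return 'allow-no-referer';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return (is_string($host) && in_array(strtolower($host), ALLOWED_HOSTS, true))
        ? 'allow' : 'deny';
}

function render_script(string $user): string
{
    // JSON-encode with HEX flags so the GET value stays inside a string literal.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return 'var remoteUser = ' . json_encode($user, $flags) . ";\n";
}

if (PHP_SAPI !== 'cli') {
    if (classify_request($_SERVER, $_GET) === 'deny') {
        http_response_code(403);
        exit;
    }
    header('Content-Type: application/javascript; charset=utf-8');
    echo render_script($_GET['user']);
} else {
    // Constructed sample requests, for an offline run with the PHP CLI.
    $samples = [
        [[], []],
        [['HTTP_REFERER' => 'http://www.example.com/page'], ['user' => 'yarr']],
        [['HTTP_REFERER' => 'http://other.test/'], ['user' => 'yarr']],
        [[], ['user' => 'yarr']],
    ];
    foreach ($samples as [$server, $get]) {
        echo classify_request($server, $get), "\n";
    }
}
```

Because a request with no Referer is still served when `user` is valid, typing the full URL with `?user=yarr` into the address bar continues to work; only the bare URL and requests referred from unknown hosts are refused.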
 
dancablamCommented:
You could also just encrypt your javascript if you're looking to protect it from others:
http://www.htmlguardian.org/help_main.html

0
