Page 1 of 1

How restrict access to specific PHP page?

Posted: Tue Jun 09, 2009 11:06 pm
by 6tr6tr
Is there a way to restrict access to a PHP page to only other pages from within the same domain? Is HTTP_REFERER the only way?

Re: How restrict access to specific PHP page?

Posted: Tue Jun 09, 2009 11:27 pm
by requinix
There is no way.

HTTP_REFERER won't always be set, and when it is you have no way of knowing that it wasn't faked.

Re: How restrict access to specific PHP page?

Posted: Tue Jun 09, 2009 11:35 pm
by 6tr6tr
tasairis wrote:There is no way.

HTTP_REFERER won't always be set, and when it is you have no way of knowing that it wasn't faked.
What about when they restrict access to certain folders? Does that work the same way?

Re: How restrict access to specific PHP page?

Posted: Tue Jun 09, 2009 11:42 pm
by Benjamin
You can use cookies or sessions to verify that they have already viewed pages on your site.

Re: How restrict access to specific PHP page?

Posted: Tue Jun 09, 2009 11:51 pm
by requinix
6tr6tr wrote:What about when they restrict access to certain folders? Does that work the same way?
Depends what you're talking about. Either it's a different mechanism (comparing apples to oranges) or their security isn't as strong as they think/want you to believe.

astions is right: you can make sure they've visited your site, and even within the last X minutes, but not that they visited immediately and directly before going to that one page. They could open two windows/tabs: visit your site in one, then visit a different site in another that has a link to this page of yours.