Prevent users from typing the url manually
Moderator: General Moderators
Prevent users from typing the url manually
I'm a php noob and I wanted to ask if you guys know how to prevent users from typing a URL manually? The page isn't ready yet but it might be site.com/custom.php or something like that. To get to the page they need to type in a password which is relatively easy to do in PHP.
Advanced thanks to everyone.
Cheers,
John
Advanced thanks to everyone.
Cheers,
John
Re: Prevent users from typing the url manually
Easier than password protecting is locking down by IP address. This is great for pages that are still in development.
First, get your IP address. http://www.whatismyip.com/
Second, put this at the top of your PHP code:
This will make it so that any visitor whose IP address is different than your own will not see the page contents.
You cannot keep a user from typing in a specific address--that's quite impossible. You can, however, prevent them from seeing what you don't want them to see.
First, get your IP address. http://www.whatismyip.com/
Second, put this at the top of your PHP code:
Code: Select all
$ip = $_SERVER['REMOTE_ADDR'];
if ($ip != "<your ip address>") {
exit();
}
//Place the rest of your code hereYou cannot keep a user from typing in a specific address--that's quite impossible. You can, however, prevent them from seeing what you don't want them to see.
Re: Prevent users from typing the url manually
You could do this:
I am new to coding but that should work. It asks if they clicked submit. If they didn't do show them the page. If they did show them.
Code: Select all
if($_POST[submit] = false)
{
echo "You have acessed this page incorrectly"
}
else
{
echo "Thank you for entering your password!"
}
Last edited by CodeGeek on Thu Oct 01, 2009 1:12 pm, edited 1 time in total.
Re: Prevent users from typing the url manually
I would rather suggest .htaccess protection, if you are using apache as your server which looks much pretty to me
and use following site generate user password list
http://www.htaccesstools.com/htpasswd-generator/
Thereby you can limit users not allowing custom.php in yourwebfolder
Code: Select all
<Files custom.php>
Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/yourwebfolder/.htpasswd
Require valid-user
</Files>
http://www.htaccesstools.com/htpasswd-generator/
Thereby you can limit users not allowing custom.php in yourwebfolder
Re: Prevent users from typing the url manually
Your comments are all so exciting to read.
I'll try them all out and see which is which.
Re: Prevent users from typing the url manually
What would be even better is if you developed on a machine that isn't your production server.
Re: Prevent users from typing the url manually
Yes, I agree. I'm using XAMPP for my localhost. It's the best one out there.
-
mybikeisgreen
- Forum Newbie
- Posts: 22
- Joined: Thu Oct 01, 2009 6:22 pm
Re: Prevent users from typing the url manually
Check the value of $_SERVER['REQUEST_METHOD']. If it's POST then they definitely didn't type it in manually.
Code: Select all
if ($_SERVER['REQUEST_METHOD']!='POST') {
exit();
}-
mybikeisgreen
- Forum Newbie
- Posts: 22
- Joined: Thu Oct 01, 2009 6:22 pm
Re: Prevent users from typing the url manually
You could also check the referrer. When you type in a URL manually the referrer is always blank.
But the most secure way to do this is with cookies. It's a little bit complicated, but after the correct password is entered you could do:
Then check the cookie, put the following on every protected page.
But the most secure way to do this is with cookies. It's a little bit complicated, but after the correct password is entered you could do:
Code: Select all
$time = time();
setcookie('authorized', md5('[yoursecretphrase]'.$time));
setcookie('time', $time);Code: Select all
if ($_COOKIE['authorized']!=md5('[yoursecretphrase]'.$_COOKIE['time'])) {
header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
echo '<title>403 Forbidden</title>'';
echo 'You are not authorized to view this page.';
}-
lowcostweb
- Forum Newbie
- Posts: 5
- Joined: Fri Oct 02, 2009 8:50 am
Re: Prevent users from typing the url manually
Code: Select all
if ($_SERVER['HTTP_REFERER'] == "")
{echo "you are not authorized";
exit();
}
http://www.cogitsolutions.com/blog/