Restricting direct access to a php page

Posted: Thu Feb 22, 2007 10:31 am
by a4avaiz
Hi!

I am new to php. I am trying to create a contact form. I have two php files: contact.php and insert.php.

Contact.php contains the form elements. Insert.php contains only the database connection string and the INSERT query. I also gave a "Record added" echo statement in insert.php, if the INSERT query was successful.

The problem arises when I directly type the insert.php in the URL. It prints "Record Added". How can I restrict direct access to insert.php? How can I have a forbidden message?

I did do a search before I posted. One suggestion was to define a constant in insert.php and use it as a flag. It works when you try to access the file directly, but that doesn't work when we are posting data from contact.php. The other suggestion was to create a .htaccess user authentication, but that's not what I am looking for.

Which is the best way to restrict direct access completely?

Thanks in advance!

-Avais

Posted: Thu Feb 22, 2007 5:42 pm
by feyd
$_SERVER['REQUEST_METHOD'] maybe?
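
The request-method check suggested in the post above, as an added example that is not part of the original thread. The function name check_request and the form field names (name, email, message) are assumptions; it answers a direct visit with 403 Forbidden and still validates the fields, because a POST can be sent without going through contact.php.

```php
<?php
// insert.php sketch: added example, not code from the thread.
// Assumed field names: name, email, message.

// Decide how to answer a request; returns [HTTP status, message].
function check_request(array $server, array $post): array
{
    // Typing insert.php into the address bar sends a GET: refuse it.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [403, 'Forbidden'];
    }
    // Anyone can still send a POST by hand, so require every field.
    foreach (['name', 'email', 'message'] as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || trim($value) === '') {
            return [400, "Missing field: $field"];
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return [400, 'Invalid email address'];
    }
    return [200, 'OK'];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests; run with: php insert.php
    $ok = ['name' => 'Avais', 'email' => 'user@example.com', 'message' => 'Hi'];
    $samples = [
        'direct visit (GET)' => [['REQUEST_METHOD' => 'GET'], []],
        'empty POST'         => [['REQUEST_METHOD' => 'POST'], []],
        'bad email'          => [['REQUEST_METHOD' => 'POST'], ['email' => 'nope'] + $ok],
        'form submission'    => [['REQUEST_METHOD' => 'POST'], $ok],
    ];
    foreach ($samples as $label => [$server, $post]) {
        [$status, $message] = check_request($server, $post);
        printf("%-20s -> %d %s\n", $label, $status, $message);
    }
} else {
    [$status, $message] = check_request($_SERVER, $_POST);
    if ($status !== 200) {
        http_response_code($status);
        exit($message);
    }
    // Run the INSERT here (prepared statement with bound parameters), then:
    echo 'Record added';
}
```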

Posted: Thu Feb 22, 2007 9:20 pm
by Tommy1402
I suggest you create a folder "private" then move insert.php to it. Inside folder "private", create a file ".htaccess" -- [dot]htaccess --

in that file type:

Code:

deny from all

Posted: Thu Feb 22, 2007 9:23 pm
by feyd
a "deny from all" would cause posts to it to also be denied.

Posted: Thu Feb 22, 2007 9:27 pm
by tecktalkcm0391
easiest way in my book:

contact.php wrote:

Code:

<?php 
define("non-hacked",1);

//CODE...

?>

insert.php wrote:

Code:

<?php 
if(defined("non-hacked")){

//code...


//below optional 

} else  {
    die("No hacking allowed!");

//below end optional 


} // BUT MAKE SURE you add an end brace
?>

Posted: Thu Feb 22, 2007 9:43 pm
by Tommy1402
feyd wrote: a "deny from all" would cause posts to it to also be denied.
yup, but for good practice, I guess we should keep only one door opened.