how to prevent direct access to php script?
Hi,
I store all my PHP scripts under the /bin folder, like process-signup.php. If a user goes directly to http://www.menggaris.com/bin/process-signup.php, the script will eventually be executed and data will be saved into the database. The user should go to signup.php first.
How can I prevent this situation from happening?
I am wondering, is there any way to detect if a user directly accesses process-signup.php instead of accessing it from signup.php?
Thanks & regards,
Mark
- alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: how to prevent direct access to php script?
Code: Select all
<?php defined('PROJECT_LOADED') or die('Invalid Request');
Alternatively (and preferably) you should store all files (except index.php and assets) outside the document root.
Re: how to prevent direct access to php script?
Hi PCSpectra,
Should I put process-signup.php outside the document root folder? For example, consider the following code:
Code: Select all
<form id="signup_form" action="bin/process-signup.php" method="post">
<input type="text" name="name" id="name"/>
<input type="text" name="email" id="email"/>
<input type="submit" value="submit" name="submit" id="submit"/>
</form>
My document root path is /home/webadministrator/www/root/
and all my PHP scripts are under /home/webadministrator/www/root/bin.
Now if I put process-signup.php under /home/websiteadmin/www/bin,
how should I put the path in the HTML form?
I don't think I can put it like this?
Code: Select all
<form id="signup_form" action="/home/websiteadmin/www/bin/process-signup.php" method="post">
Regards,
Mark
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
Re: how to prevent direct access to php script?
It doesn't make any sense to want to protect that file from being directly accessed. When you make the form post to this file, you are directly accessing it. By putting it outside the webroot you are eliminating access to the file from www.
- alex.barylski
Re: how to prevent direct access to php script?
If the file/script is (requires) accessible (such as a signup form) then no -- you need that within your docroot -- but any of its included files, say something like this:
Code: Select all
<?php
include 'inc/functions.php';
echo 'Do your thing';
Re: how to prevent direct access to php script?
Set a session variable on the 1st page and check for it on the 2nd page
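The session-variable approach from the last reply, as an added example that is not part of the original thread: a single signup.php renders the form on GET and processes it on POST, and accepts the POST only when it carries the one-time token stored in the session when the form was rendered. The names signup_token, SIGNUP_TOKEN_TTL, issue_signup_token and is_valid_signup_post are assumptions made for illustration.

```php
<?php
// Added example: signup.php renders the form on GET and processes it on POST; all names are assumptions.
declare(strict_types=1);
session_start();
const SIGNUP_TOKEN_TTL = 900; // seconds a rendered form stays valid

// Issued when the form is rendered: proves the visitor loaded the form first.
function issue_signup_token(): string
{
    $_SESSION['signup_token'] = bin2hex(random_bytes(32));
    $_SESSION['signup_token_time'] = time();
    return $_SESSION['signup_token'];
}

// Checked before any database work; the token is single use.
function is_valid_signup_post(): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // typed URL or followed link: no form submission
    }
    $expected = $_SESSION['signup_token'] ?? '';
    $issued   = (int) ($_SESSION['signup_token_time'] ?? 0);
    $given    = $_POST['token'] ?? '';
    unset($_SESSION['signup_token'], $_SESSION['signup_token_time']);
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false; // no form was rendered in this session, or malformed input
    }
    if (time() - $issued > SIGNUP_TOKEN_TTL) {
        return false; // form is stale
    }
    return hash_equals($expected, $given); // constant-time comparison
}

if (is_valid_signup_post()) {
    // Validate name and email here, then save with a prepared statement.
    echo 'Signup accepted';
    exit;
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    http_response_code(400); // POST without a valid token: reject, show a fresh form
}
$token = htmlspecialchars(issue_signup_token(), ENT_QUOTES);
?>
<form id="signup_form" action="" method="post">
<input type="hidden" name="token" value="<?= $token ?>"/>
<input type="text" name="name" id="name"/>
<input type="text" name="email" id="email"/>
<input type="submit" value="submit" name="submit" id="submit"/>
</form>
```

The token only shows that the form was rendered in the same session shortly before the POST; the submitted name and email still need server-side validation.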