On 18 Mar 2008, at 12:46, Sudhakar wrote:
my question is about displaying a friendly message when someone
directly types a url in the browser.
example i have one file called form.php which processes the
information entered in the form and lets say the next page is
thankyou.php?firstname=david
by seeing the url if someone types thankyou.php?firstname=smith in the
address bar the browser will display smith.
1. so if a user enters a url in the browser directly to a specific
page("thankyou.php") i would like to display a message like =
"Direct access to this file is not allowed"
It is not possible to do this reliably. You can check the HTTP_REFERER
variable in $_SERVER, but it's not guaranteed to exist and certainly
not guaranteed to be accurate.
I'm guessing you want to protect access to some restricted resource,
in which case you need to implement a server-side only check. The most
common way to do this is to use sessions. If someone hits the page
without a valid session you know they've not gone through the whole
process.
2. with the above method assuming even if i type thankyou.php in the
browser directly, though i own the file i will also get the message
"Direct access to this file is not allowed". so i would not like to
see this message, i guess for this i need to specify my IP address i
suppose.
That would be one way to do it, but bear in mind that any way you put
in to get around security is open to being exploited by other parties.
Think carefully about whether you actually need to hit that URL
directly all the time or just during development. If it's just during
development it would be better to disable any security features you've
implemented, just make sure you re-enable them before you put it live.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
