On 5/29/13 6:14 PM, Jim Giner wrote:
On 5/29/2013 7:11 PM, Tim Dunphy wrote:
Hello list,
I've created an authentication page (index.php) that logs into an LDAP
server, then points you to a second page that some folks are intended to
use to request apache redirects from the sysadmin group (redirect.php).
Everything works great so far, except if you pop the full URL of
redirect.php into your browser you can hit the page regardless of the
login
process on index.php.
How can I limit redirect.php so that it can only be reached once you
login
via the index page?
Thank you!
Tim
I would simply place my redirect.php script outside of the
web-accessible tree. The user can never type that uri into his browser
and have it work.
I always see this answer a lot but never any sample code of how to
include that file using require_once() or include_once().
It would be nice to know the exact syntax of inclusion of such files.
Say, for example if I put the login/redirect .php file 3-4 levels up
from my webroot.
-d
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
