On 5/29/2013 9:20 PM, Glob Design Info wrote:
On 5/29/13 6:14 PM, Jim Giner wrote:
On 5/29/2013 7:11 PM, Tim Dunphy wrote:
Hello list,
I've created an authentication page (index.php) that logs into an LDAP
server, then points you to a second page that some folks are intended to
use to request apache redirects from the sysadmin group (redirect.php).
Everything works great so far, except if you pop the full URL of
redirect.php into your browser you can hit the page regardless of the
login
process on index.php.
How can I limit redirect.php so that it can only be reached once you
login
via the index page?
Thank you!
Tim
I would simply place my redirect.php script outside of the
web-accessible tree. The user can never type that uri into his browser
and have it work.
I always see this answer a lot but never any sample code of how to
include that file using require_once() or include_once().
It would be nice to know the exact syntax of inclusion of such files.
Say, for example if I put the login/redirect .php file 3-4 levels up
from my webroot.
-d
simply a require statement pointing to the script. PHP can load
anything, http can only see the web tree.
I personally have a std. set of code in my scripts that always creates a
var that points to my document root (web root) and another that points
to my php folder which is outside of the web root.
As for the location - it need be only one level above or at a level
parallel but outside of the web root. My hoster actually sets up their
accounts with a 'php' folder at the same level as the "public_html" (web
root) folder.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
