On Wed, May 29, 2013 at 8:20 PM, Glob Design Info <info@xxxxxxxxxxxxxx> wrote:
> On 5/29/13 6:14 PM, Jim Giner wrote:
>>
>> On 5/29/2013 7:11 PM, Tim Dunphy wrote:
>>>
>>> Hello list,
>>>
>>> I've created an authentication page (index.php) that logs into an LDAP
>>> server, then points you to a second page that some folks are intended to
>>> use to request apache redirects from the sysadmin group (redirect.php).
>>>
>>> Everything works great so far, except if you pop the full URL of
>>> redirect.php into your browser you can hit the page regardless of the
>>> login
>>> process on index.php.
>>>
>>> How can I limit redirect.php so that it can only be reached once you
>>> login
>>> via the index page?
>>>
>>> Thank you!
>>> Tim
>>>
>> I would simply place my redirect.php script outside of the
>> web-accessible tree. The user can never type that uri into his browser
>> and have it work.
>
>
> I always see this answer a lot but never any sample code of how to include
> that file using require_once() or include_once().
>
> It would be nice to know the exact syntax of inclusion of such files.
>
> Say, for example if I put the login/redirect .php file 3-4 levels up from my
> webroot.
Okay, first off, your application *has* to have some entry point that
*is* accessible to a browser; otherwise nothing will find it.
THe include/require(_once) directives take as an argument a file path
including file name, there is no requirement they be in the same
directory or lower as the calling file.
So let's take this as a example:
Application/webroot/index.php
Application/includes/redirect.php
Application/includes/login.php
index.php:
<?php
session_start();
if (valid_user($_SESSION['current_user'])) {
include_once("../includes/redirect.php");
} else {
include_once("../includes/login.php");
}
?>
This the so-called single script entry style for designing your app. A
consequence of this is that it makes bookmarking a bit different. One
example of this is the PmWiki application. Everything runs through the
main script (in this case it's called pmwiki.php instead of index.php,
but that's immaterial here). Pages in the wiki are given on the path,
such as: http://www.pmwiki.org/wiki/PmWiki/PmWiki, which makes it
bookmarkable and work in the browser history. Others may not; it all
depends on what you want.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
