On Wed, May 29, 2013 at 9:20 PM, Glob Design Info <info@xxxxxxxxxxxxxx>wrote:
> On 5/29/13 6:14 PM, Jim Giner wrote:
>
>> On 5/29/2013 7:11 PM, Tim Dunphy wrote:
>>
>>> Hello list,
>>>
>>> I've created an authentication page (index.php) that logs into an LDAP
>>> server, then points you to a second page that some folks are intended to
>>> use to request apache redirects from the sysadmin group (redirect.php).
>>>
>>> Everything works great so far, except if you pop the full URL of
>>> redirect.php into your browser you can hit the page regardless of the
>>> login
>>> process on index.php.
>>>
>>> How can I limit redirect.php so that it can only be reached once you
>>> login
>>> via the index page?
>>>
>>> Thank you!
>>> Tim
>>>
>>> I would simply place my redirect.php script outside of the
>> web-accessible tree. The user can never type that uri into his browser
>> and have it work.
>>
>
> I always see this answer a lot but never any sample code of how to include
> that file using require_once() or include_once().
>
> It would be nice to know the exact syntax of inclusion of such files.
>
> Say, for example if I put the login/redirect .php file 3-4 levels up from
> my webroot.
>
> require_once('../../../redirect.php');
