directly access index.php

Alles, was PHP betrifft, kann hier besprochen werden.

directly access index.php

Postby pkimran » 17. April 2015 08:48

Hy
i create a login.html to access index.php
i enter user name and password in login.html and directed to index.php all is working well. but the problem is the index file can also be access when write its path (localhost/index.php) in browser.
i want to restrict every user to access index.php directly.
pkimran
 
Posts: 10
Joined: 03. April 2015 14:21
Operating System: windows 7

Re: directly access index.php

Postby Nobbie » 17. April 2015 10:43

pkimran wrote:i enter user name and password in login.html and directed to index.php all is working well. but the problem is the index file can also be access when write its path (localhost/index.php) in browser.
i want to restrict every user to access index.php directly.


This is impossible, there is technically no difference between "directing to index.php" and "direct access to index.php". You might add some validations, for example eveluate the HTTP_REFERER or similar, but this is not 100% safe. But you cannot avoid that index.php is accessible (if it is not accessible, you cannot use it for a redirect).

I dont know how your login is working, but of course you have to validate in your scripts (i.e. in index.php), that a user has logged in successfully before, if you are doing the login by yourself (and not via Apache Authorize). Usually this is done by using session variables.
Nobbie
 
Posts: 8779
Joined: 09. March 2008 13:04


Return to PHP

Who is online

Users browsing this forum: No registered users and 3 guests