Hy
i create a login.html to access index.php
i enter user name and password in login.html and directed to index.php all is working well. but the problem is the index file can also be access when write its path (localhost/index.php) in browser.
i want to restrict every user to access index.php directly.
directly access index.php
2 posts
• Page 1 of 1
directly access index.php
by pkimran » 17. April 2015 08:48
- pkimran
- Posts: 10
- Joined: 03. April 2015 14:21
- Operating System: windows 7
Re: directly access index.php
by Nobbie » 17. April 2015 10:43
pkimran wrote:i enter user name and password in login.html and directed to index.php all is working well. but the problem is the index file can also be access when write its path (localhost/index.php) in browser.
i want to restrict every user to access index.php directly.
This is impossible, there is technically no difference between "directing to index.php" and "direct access to index.php". You might add some validations, for example eveluate the HTTP_REFERER or similar, but this is not 100% safe. But you cannot avoid that index.php is accessible (if it is not accessible, you cannot use it for a redirect).
I dont know how your login is working, but of course you have to validate in your scripts (i.e. in index.php), that a user has logged in successfully before, if you are doing the login by yourself (and not via Apache Authorize). Usually this is done by using session variables.
- Nobbie
- Posts: 13183
- Joined: 09. March 2008 13:04
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 10 guests