Results 1 to 4 of 4

Thread: block php page in public view. but still able to use by other page.

  1. #1
    Join Date
    Nov 2012

    block php page in public view. but still able to use by other page.

    block php page in public view. but still able to use by other page.

    hi, I'm working on a website that has ajax live search(search.php) on it, search.php calls in from another php page to search in database, it works just fine, the problem is search.php can be typed in url and display all data from database. I tried googling it, still don't have clear idea how to solve it. I've read that it can be done in .htaccess, also by changing permission... I just want to be enlightened how to properly fix the problem. thanks

  2. #2
    Join Date
    Aug 2004
    If it's a question of only wanting it to be accessed via include()/require(), a few approaches:

    - Move the included file outside of the web document root directory hierarchy.
    - Give it a name with a distinct suffix that you then disallow via the web server (e.g. via the .htaccess file)
    - Compare the script's file name against that of $_SERVER['SCRIPT_NAME'], and if the same exit (and maybe first send a 404 header)
    - Set a constant in the main script that would do the including of the file in question, and if that constant is not defined, exit (and 404?)
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  3. #3
    Join Date
    Oct 2010
    Option 4 is what I generally use. The top of all my files (except for index.php) look like this:

    PHP Code:
    if( !defined('ROOT') ) { header('HTTP/1.0 404 Not Found'); exit; }

    // actual code for the file here 
    www.rdennispallas.com <-- Personal Site, changing regularly cuz its ugly.

  4. #4
    Join Date
    Aug 2012
    I presume you are sending posted data to the search.php page, in which case, all you need to do is check if data has been posted and if not then redirect to another page. In search.php
    PHP Code:
    if (!isset($_POST)) {
    header("location: index.php");
    } else {
    //Do your search here

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center