(Security issue) How scripts are invoked.

poisa

Is there a way to prevent direct access of php scripts?

If possible I'd like the scripts to be able to be called ONLY from a specific flash file (located in the same server).

jonno946

the easiest way and the way i use is to just store the file below the document root.

Jonno

rehfeld

you would still need a helper script to call the php file then.

you could do a bit like this in your php file


if (!isset($_GET['i am flash'])) {
    exit;
}

but thats very easy for the user to work around and fake.

but you could prob make flash POST a variable to the php script, which would be more difficult for the user to do.

rpanning

The way I varify included files is to set a variable in the first file, the file which would have the flash object. Then check for that variable in the included file. Ex:

Flash File

// flash.php
$valid = true;
include('file.php');

PHP File

// file.php
if (!isset($valid) || $valid) {
    exit('Must be included by flash file.');
}