Locking files

TyCox

How can i make it so you have to have a href link to open a page?

dagon

if the page is on the webserver then other than having ftp\shell access the file will have to be accessed over http

dalecosp

Not foolproof, but you might look at doing something with $_SERVER variables (like HTTP_REFERER, REQUEST_METHOD, etc....

dagon

i guess the obvious question is what do you mean by locking? its not clear in this case

dalecosp

dagon;10968485 wrote:
i guess the obvious question is what do you mean by locking? its not clear in this case

The question doesn't seem to really point to "locking" at all, in the normal computer sense. He may have to explain, as you ask.

I assumed, though, reading the question, that what the poster wants is a way to ensure that someone can't type an address into a browser and go directly to that resource without accessing it through a link from another page ... hence my advice.

He will have to tell us, of course, to be certain.

dagon

dalecosp;10968489 wrote:
I assumed, though, reading the question, that what the poster wants is a way to ensure that someone can't type an address into a browser and go directly to that resource without accessing it through a link from another page

well never use HTTP_REFERER, to fakable and unreliable, if it is with in the same site the only reliable method to do that is sessions

NogDog

I'll take a stab in the dark: If you don't want a given script to be accessible directly, but only used as an include file by other scripts, you can stick this at the top:

if(realpath($_SERVER['SCRIPT_FILENAME']) == realpath(__FILE__)) {
   header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
   exit;
}

TyCox

Ok lets see... I have a page with and img. This img is a link to my php script. This php script displays data and adds information to my txt file. I don't want people to load my php from just using the address bar. I want it to only be visited by a link.
Hope this helped your confusion. Thanks

NogDog

There is no guaranteed way to enforce that. You could look for a $_SERVER['HTTP_REFERER'] value, but you can get false negatives on that depending on things like browser or proxy security settings/preferences, plus the referer header can be easily spoofed by any semi-knowledgeable person/script generating their own HTTP request.

I suppose you could use sessions, generate a unique token, store it in the $_SESSION array and add it as a URL query string variable/value pair in the link, then if the link is clicked, make sure the two match. Again, may not be 100% effective, but could be pretty effective, especially if you're sure to regenerate (or delete?) the token value on each page access.