accessing a php webpage that is stored outside the public ar

Discussing Html . Code , Software , other

Moderators: egami, macek, gesf

Post Reply
User avatar
freshnet
php-forum Active User
php-forum Active User
Posts: 359
Joined: Tue Feb 22, 2011 8:19 am
Location: Canada

Tue Oct 28, 2014 7:16 pm

You could do something like setting a session variable on the page you're linking from, and checking for it at the top of your php page. If it's not set, you send a header to point the user back somewhere else. Then you unset it if you don't want the user to be able to come right back to that page in the same session.

Code: Select all

session_start(); 
if (empty($_SESSION['referrer']))
{header("Location: index.php");
			exit();}
unset($_SESSION['referrer']);

landi
php-forum Active User
php-forum Active User
Posts: 388
Joined: Thu Mar 15, 2012 3:59 pm

Thu Oct 30, 2014 3:37 pm

Hi,
You could also, as you suggest, store the 'private' pages outside the public area. Public pages can still read the private pages (subject to permissions, of course). A simple way to read them is with include() or require_once().

In fact, if you have include files then it is generally a good idea for security to store them outside of the public area so they cannot be executed directly by users. A private area also helps keep sensitive information like database passwords secure, because sometimes web server decide to serve your PHP source rather than the results of execution.

-A

Post Reply