Results 1 to 25 of 54
Aug 6, 2009, 05:22 #1
- Join Date
- Aug 2008
- 0 Post(s)
- 0 Thread(s)
Prevent direct access to php file
I have caller.php that calls a second file get.php with some parameters (note get.php is not a runtime include, but called only when a user clicks a button), i.e.,
I want get.php to work ONLY when called from caller.php. If get.php called directly from the browser it should result in an error message.
I don't want to use referrer checks if possible. Also, not looking for foolproof method, but something that is reasonably secure or will require a few steps each time to break.
I have considered passing a $secretkey from caller.php to get.php but anything I pass can be seen in the view source or headers? Also, session variables don't work well I think as I don't want user to go to caller.php first and then right after do a direct call to get.php because session key is set as that will trick get.php into working....
Is this possible? Any takers?