This is a simple situation with a thus far dire result.
I have a contact.php page. This contains the form. I then have a sendemail.php file that actually validates and processes sending the email. This works fine.
I wanted to block access to sendemail.php because if some visitor who likes to experiment comes along and wants to open it directly (by typing in the url) it will show errors (since no variables are being passed from contact.php).
And so do achieve this I did this:
Deny access to file
deny from all
Now. Great and not so great. Great because directly access to sendemail.php isn't possible. Not great because the contact.php cannot access the sendemail.php file to complete sending the email (or let the visitor knows there are form errors etc.).
I was researching into the "allow from XXX" method to add to that above in .htacces but it's not working form me. It will either cause a server 500 error or just not achieve what I need it to do.
Any ideas where my thinking is going wrong? Only contact.php should have the right to open up sendemail.php. No one or no other file needs to.
Thanks in advance,