douzhankui0758 2016-06-22 12:52
浏览 131
已采纳

允许window.location但阻止直接访问PHP文件

I have a script file named script.php which is accessed from another php file called main.php through the "Window.location" command. I want to prevent direct access to file, i.e, no one can type script.php in the URL bar and view the contents of the file. But I want my main.php to be able to redirect to script.php using window.location. Any way to do this?

I have tried using Debug Backtrace and preg_match() but these are also blocking the window.location from main.php. Any way to get around this?

  • 写回答

1条回答 默认 最新

  • dqm74406 2016-06-22 13:06
    关注

    I'm not really sure what and why you want to do. There is no way to only allow a script to open a URL, because the browser will handle it.

    Normally you should check in the files itself, if the user is allowed to use them. So you have to find a logic for you, how to tell you script, if the user should see it. Otherwise you can do some other action, like displaying an error or redirect him back to you main.php.

    Just some quick ideas ...

    Idea 1.) If possible, you can include() the script.php in main.php and block the direct access via .htaccess. Then you don't need a redirect and no one can access it directly.

    Idea 2.) Set a session variable in main.php like $_SESSION["allow"] = true; and check this again in script.php. Afterwards set the value to false, so the next call will be fail.

    Idea 3.) Add a parameter to the file call, like script.php?allow=true. But in this case, all users who know the parameter could call it.

    Idea 4.) Add a custom parameter to the redirect, wich is only valid for a given time. To be simple, something like php time(). Check if the parameter is within a short time limit. But in this case, the redirect url has to be generated when the main.php file starts the redirect. Otherwise the request could be already to old.

    So that are my ideas. Hope something gives you a hint how to do it.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥30 用arduino开发esp32控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 求chat4.0解答一道线性规划题,用lingo编程运行,第一问要求写出数学模型和lingo语言编程模型,第二问第三问解答就行,我的ddl要到了谁来求了
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题