I'm not really sure what and why you want to do. There is no way to only allow a script to open a URL, because the browser will handle it.
Normally you should check in the files itself, if the user is allowed to use them. So you have to find a logic for you, how to tell you script, if the user should see it. Otherwise you can do some other action, like displaying an error or redirect him back to you main.php
.
Just some quick ideas ...
Idea 1.) If possible, you can include()
the script.php
in main.php
and block the direct access via .htaccess
. Then you don't need a redirect and no one can access it directly.
Idea 2.) Set a session variable in main.php
like $_SESSION["allow"] = true;
and check this again in script.php
. Afterwards set the value to false
, so the next call will be fail.
Idea 3.) Add a parameter to the file call, like script.php?allow=true
. But in this case, all users who know the parameter could call it.
Idea 4.) Add a custom parameter to the redirect, wich is only valid for a given time. To be simple, something like php time()
. Check if the parameter is within a short time limit. But in this case, the redirect url has to be generated when the main.php
file starts the redirect. Otherwise the request could be already to old.
So that are my ideas. Hope something gives you a hint how to do it.