Prevent access to php file

by brentb

Posted: 13 years ago 7 replies

PROGRAMMING

I have a form behind user authentication that submits to a php file. I am worried people will stop paying for my service yet still send values (via the url or creation of their own form) to the php file directly.

How can I prevent this?

#access #file #php #prevent

mmstud 13 years ago

You can't put php file behind authentication?

You could check where people come in to the script, check referee. If it comes from your site or ip, then allow execution.

But this depends totally what kind of configuration you have on your system at the moment...
- Thanks
- 1 reply
{{ DiscussionBoard.errors[4862760].message }}
- mattdean 13 years ago
  
  If you're using normal Linux authentication and the file is in a secured directory taking someone out of the authentication file would disallow them from using any files in that directory.
  
  If you wanted another method you could set a cookie when they login and then check for that cookie at the top of every page.
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[4863345].message }}
  
  brentb 13 years ago
  
  Good suggestion... I will try and see about implementing the cookie.
  
  The issue is that the script runs completely standalone on its own server but the input comes from within a Joomla CMS install on another server. So the webform the inputs come from is locked down however the script itself is not.
  
  Thanks
  
  {{ DiscussionBoard.errors[4864019].message }}
SupporTech 13 years ago

please use an htaccess to hide php files!
- Thanks
{{ DiscussionBoard.errors[4895556].message }}
KabanaSoft 13 years ago

like mmstud said, as long as the first server is always the server that sends requests to your PHP file...then you could implement IP checking code at the top of the PHP file and only accept requests that come from the IP address of your first server. That way if a user manually tries to access your PHP script, your code can just reject the request since its coming from an IP that is not from your main server...
- Thanks
- 1 reply
Signature

The Next Big Thing in Local SEO has Just Arrived!
Forever change the way you do Local SEO with Places Scout Software! Learn how you can easily make a lot more money, save a lot of time, and have happier clients. Click Here to Learn More...
{{ DiscussionBoard.errors[4896087].message }}
- kdavies 13 years ago
  
  I may be wrong here but if they're no longer a member then they should be listed as such, and so no matter how they try to login, the site shouldn't let them in.
  
  Thanks
  
  Signature
  About
  Special Offers
  Portfolio
  Testimonials
  
  {{ DiscussionBoard.errors[4896420].message }}
Codez 13 years ago

lock cookies to session id for that user so when cookie expires so does session and thus they must login again to access said form.
- Thanks
{{ DiscussionBoard.errors[4904118].message }}

Prevent access to php file

Trending Topics

How do I effectively build and nurture an email list for affiliate marketing purposes?

Are Solo ADs the Most Cost Effective Way to Promote your Product?

Are billboards still effective in driving customers?

Been a while! Any of you Old Timers here?

How much does the rebranding affect CR ?