0

i have a php page "view.php"

but i want no one to view the page direct by hitting or manually typing www.domain.com/view.php , it must come from index.php undergoing some process. ie

index.php ==> view.php/id=$$$

i tried for $_SERVER['REQUEST_URI']; 

if ($_SERVER['REQUEST_URI'] =='www.domain.com/view.php')
header("location: index.php");

but aint worked..

can any one please help

  • 2
    Why don't you use .htaccess? The server request uri is not reliable. – thatidiotguy Dec 14 '12 at 20:22
  • @thatidiotguy the session variables are printed on view.php from index.php , is it still fine if i go with htaccess.. please suggest –  Dec 14 '12 at 20:24
  • as @thatidiotguy says, server request uri is unreliable. See http://stackoverflow.com/questions/165975/determining-referer-in-php If you control the previous page that the user was on you could set a cookie or something in a session then check if that exist/is the correct value on you view.php – cosmorogers Dec 14 '12 at 20:24
  • Put it outside the document root & let index.php include it. – Wrikken Dec 14 '12 at 20:29

2 Answers2

0

$_SERVER["REQUEST_URI"] returns site root-relative path, i.e. "/view.php" or "/folder/file.php". So your code should be if ($_SERVER["REQUEST_URI"] == "/view.php") { /* ... */ }. It is also recommended to place exit(); after redirection headers to prevent subsequent code execution.

You can also use $_SERVER["HTTP_REFERER"] like this if(!$_SERVER["HTTP_REFERER"] == "http://www.your-domain.com/index.php") { /* ... */ }

For further information, please refer to http://php.net/manual/en/reserved.variables.server.php

artygus
  • 605
  • 4
  • 11
0

try to send it trough a form in your index.php file using a POST variable

<form action="view.php" method="post">
<input type="hidden" vaue="test" name="KEY"/>
</form>

in your view.php 

if(isset($_POST['key'])){
//LOAD FILE
}

there are different solutions though

Maxim
  • 3,836
  • 6
  • 42
  • 64