1

For example a user can not access http://example.com/here but can access anything with more added. An example would be http://example.com/her?action=blah blah.

The point of this is to prevent access to an file by visiting the page directly, however allow the file to be use with more actions/links added.

I would just like to thank everyone for the quick response. Based off the answers I got, I went with php and it worked.

I used the following:

function access_granted(){
 global $pagenow;
 if(!isset($_GET['action']) && 'wp-login.php' == $pagenow ) {
  wp_redirect('http://example.com/');
  exit();
 }
}

I do have one question however. I changed the wp-login.php url to http://example.com/here instead of http://example.com/wp-login.php.

My problem is that now, the function access_granted does not work anymore. my guess is the $pagenow.

Any suggestions, such as how to check the url/here instead of wp-login.php?

Craig
  • 133
  • 1
  • 13
  • if they don't have the querystring you expect... have a default action? the querystring would have to get processed anyway. maybe i don't understand your question – Smern Apr 01 '13 at 17:54

5 Answers5

2

If you want to go .htaccess way do this. Enable mod_rewrite and .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

RewriteCond %{QUERY_STRING} ^$
RewriteRule ^here/?$ - [NC,L,F]

This will throw forbidden error for /here or /here/ but will allow /here?bar=foo type of URIs.

anubhava
  • 761,203
  • 64
  • 569
  • 643
1

Is example.com/here handled by a PHP script? If so, do your input validation at the start of the script, and if it doesn't meet the requirements, either give an error page or redirect (http://php.net/manual/en/function.http-redirect.php) to another page.

Adrian
  • 42,911
  • 6
  • 107
  • 99
1

Yes, there is. You don't really need to deal with htaccess, you can do it with php. First you need to check if required options are set. For example if you have a GET property with name action you can check whether or not it's set using isset function. You also need to specify a custom HTTP 403 page and redirect the user to that page. Here's an example for showing forbidden error if action is undefined:

<?php
if (!isset($_GET['action'])) {
   header('HTTP/1.0 403 Forbidden',403);
   header('Location: 403.html');
   exit;
}
?>

You might also find the following link useful: How to display Apache's default 404 page in PHP

Community
  • 1
  • 1
Javid
  • 2,755
  • 2
  • 33
  • 60
1

As you want it to work if anything is appended to the URL, you can use this if /here is handled by PHP:

 <?php
  if(!$_GET){
         die('You are not allowed to access this URL.');
   }
   else {
     ... PHP code that will execute in case the user is allowed to access the URL(you can also use HTML by just having ?> here instead and add <?php } ?> at the end of the document)  ...
  }
 ?>

Hope it helped.

impetiredome
  • 58
  • 5
0

Sure, you can use PHP for this. on here.php you need a line (in your example) at the top of your code that looks like this:

if(!isset($_GET['action']){
     header('location:/notallowed.php');
     exit;
}

Where notallowed.php is whatever you want to show when they don't have the full link.

Ryoku
  • 792
  • 1
  • 5
  • 18
  • 1
    This code has to be edited; first, user might get an action undefined error; and second, it's `header` not `headers`. I think it'd be better if you correct the typos. – Javid Apr 01 '13 at 18:04