Comments on: Disable Direct Access to a Script With PHP http://fwebde.com/php/disable-direct-script-access/ Helping people to make fantastic websites, whether you are a designer, a developer, or someone just who loves websites. Fri, 15 Jul 2011 11:19:41 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Jim http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-3758 Jim Fri, 11 Feb 2011 08:48:17 +0000 http://fwebde.com/?p=1743#comment-3758 That saved my day! Thanks for sharing this :) That saved my day! Thanks for sharing this :)

]]> By: khen http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-3503 khen Thu, 16 Dec 2010 18:45:39 +0000 http://fwebde.com/?p=1743#comment-3503 heheheh..... i wonder, how we should send "xmlhttprequest" to the restricted page? heheheh.....

i wonder, how we should send "xmlhttprequest" to the restricted page?

]]> By: Chris http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-2114 Chris Wed, 27 Oct 2010 17:42:34 +0000 http://fwebde.com/?p=1743#comment-2114 You might want to change it to or instead of and in your if statement. If HTTP_X_REQUESTED_WITH can be spoofed, then all someone needs to do is spoof if and it will bypass the defined check. You might want to change it to or instead of and in your if statement.

If HTTP_X_REQUESTED_WITH can be spoofed, then all someone needs to do is spoof if and it will bypass the defined check.

]]> By: kayne http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-2051 kayne Tue, 07 Sep 2010 05:49:56 +0000 http://fwebde.com/?p=1743#comment-2051 Great code! but both pieces of code need the closing ) if (!defined('BASEPATH') exit('Nothing to see here.'); needs to be if (!defined('BASEPATH')) exit('Nothing to see here.'); and so on. Great code! but both pieces of code need the closing )

if (!defined('BASEPATH') exit('Nothing to see here.');

needs to be

if (!defined('BASEPATH')) exit('Nothing to see here.');

and so on.

]]> By: Maïs http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1713 Maïs Wed, 02 Jun 2010 10:43:32 +0000 http://fwebde.com/?p=1743#comment-1713 Thanks I was looking for that. But in my application I have some page that are get by iframe, so i've add one more line and it's appear to work as i want: if (!defined('BASEPATH') && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') { if ($_SERVER['HTTP_REFERER'] != "http://---adress of my homepage---") { exit('Nothing to see here.'); } } Thanks I was looking for that.

But in my application I have some page that are get by iframe, so i've add one more line and it's appear to work as i want:

if (!defined('BASEPATH') &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
if ($_SERVER['HTTP_REFERER'] != "http://---adress of my homepage---") {
exit('Nothing to see here.');
}
}

]]> By: Amatoc Industries http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1334 Amatoc Industries Mon, 08 Mar 2010 08:00:18 +0000 http://fwebde.com/?p=1743#comment-1334 I have to wonder if there is any way to spoof the $_SERVER['HTTP_X_REQUESTED_WITH']... I have to wonder if there is any way to spoof the $_SERVER['HTTP_X_REQUESTED_WITH']...

]]> By: Don Gilbert http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1035 Don Gilbert Sat, 30 Jan 2010 18:45:24 +0000 http://fwebde.com/?p=1743#comment-1035 This answers my question perfectly. I appreciate your hard work in getting and posting this information. Have a great day! This answers my question perfectly. I appreciate your hard work in getting and posting this information.

Have a great day!

]]>