Comments on: Disable Direct Access to a Script With PHP http://fwebde.com/php/disable-direct-script-access/ Helping people to make fantastic websites, whether you are a designer, a developer, or someone just who loves websites. Fri, 23 Jul 2010 12:14:41 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Maïs http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1713 Maïs Wed, 02 Jun 2010 10:43:32 +0000 http://fwebde.com/?p=1743#comment-1713 Thanks I was looking for that. But in my application I have some page that are get by iframe, so i've add one more line and it's appear to work as i want: if (!defined('BASEPATH') && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') { if ($_SERVER['HTTP_REFERER'] != "http://---adress of my homepage---") { exit('Nothing to see here.'); } } Thanks I was looking for that.

But in my application I have some page that are get by iframe, so i've add one more line and it's appear to work as i want:

if (!defined('BASEPATH') &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
if ($_SERVER['HTTP_REFERER'] != "http://---adress of my homepage---") {
exit('Nothing to see here.');
}
}

]]> By: Amatoc Industries http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1334 Amatoc Industries Mon, 08 Mar 2010 08:00:18 +0000 http://fwebde.com/?p=1743#comment-1334 I have to wonder if there is any way to spoof the $_SERVER['HTTP_X_REQUESTED_WITH']... I have to wonder if there is any way to spoof the $_SERVER['HTTP_X_REQUESTED_WITH']...

]]> By: Don Gilbert http://fwebde.com/php/disable-direct-script-access/comment-page-1/#comment-1035 Don Gilbert Sat, 30 Jan 2010 18:45:24 +0000 http://fwebde.com/?p=1743#comment-1035 This answers my question perfectly. I appreciate your hard work in getting and posting this information. Have a great day! This answers my question perfectly. I appreciate your hard work in getting and posting this information.

Have a great day!

]]>