Question about getting URL

[timgerr]

Hey, I have a php page that usis 2 includes. I don’t want the users to go to the includes directly but through a page that I specify.

Here is what I mean:

<?php
//page name is here.php
include "somthing.php";

more code and somthing
bla bla bla
?>
[/code}

I want to users to go to the here.php and not to somthing.php.  What I thought about doing was to add a check in somthing.php to see if the url is [URL unfurl="true"]http://www.blabla.com/here.php[/URL] and not [URL unfurl="true"]http://www.blabla.com/somthing.php.[/URL]  

How can I check a url in php.

-How important does a person have to be before they are considered assassinated instead of just murdered? 
-Need more cow bell!!!

 

[jpadie]

i don't really follow what you want.

but you can find out what page a user has requested from an examination of the $_SERVER superglobal.

if you are looking for a despatch method of user navigation then i'd recommend restructuring your links like so:

[URL unfurl="true"]http://www.domain.com?page=somepage.php[/URL]

and testing the $_GET['page'] variable

you could also retain the schema you are currently using and make use of mod_rewrite within apache. there are equivalents (less good) for IIS.

 

[vacunita]

I think he means not allowing a user to directly call the included file without going through the originating page first.

Just set a variable before including the file and then look for it in the included file if its not there the file was called directly.

e.g:
here.php

$myvariable="SET";
include("somefile.php");

somefile.php

<?
if(isset($myvariable)){
echo "This file was included";
[green]//Do whatever it is you want to do from this file[/green]
}
else
{
echo "This file was called Directly";
[green]//You could then redirect somewhere else or just issue an error[/green]
}
?>

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

@vacunita
you could be right! wouldn't it be better to store the includes outside the webroot?

 

[vacunita]

Well yeah that would be the better solution, However not knowing what kind of setup the OP has, and if the OP is at all allowed to put files outside the webroot,(some hosting services don't allow files outside the predetermined folder).
I wasn't sure about suggesting it.
But it would be the better option.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[timgerr]

I have everyting fomming from index1.php and I dont want anyone to go outside of that. I am going to have a test at all the includes to test for path.

T

-How important does a person have to be before they are considered assassinated instead of just murdered?
-Need more cow bell!!!

 

[vacunita]

If you are including more than few pages, and you only want to allow access to a single page i.e index1.php jpadie's suggestion of moving the includes outside of the webroot would only require you to change some code in your index1.php to where the includes are.

By placing them outside the webroot. they cannot be called by the user in any fashion, even if they try they'll most probably get an access denied.








----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[jpadie]

if you have not got the ability to move files outside of the webroot as vacunita alluded to above, you may find that putting them in another directory and including an .htaccess file with the directive "DENY FROM ALL" would have a similar effect. often hosts allow this even if they don't provide space outside of the webroot.

 

[cyberspace]

on a side note here, as i'm doing similar things with includes...

why is it better to have the includes outside of the webroot?

Say I have an index page, and for example i include menu.php and status.php.

If these 2 pages are in the same directory as index.php, is that not considered correct?

'When all else fails.......read the manual'

 

[vacunita]

Basically, for security purposes, you may not want to have your includes accessible to your users directly.

Say you have in one of your includes an algorithm that encrypts passwords, or decrypts them, you would not want any old user to call up that page and use it to gain access to
your passwords would you?

By keeping your includes outside your webroot, they cannot be accessed directly.





----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.