Restricting access to a php script

18
Hi,
I have a script 1 that calls another script 2 when a form is submitted. Both scripts belong to the admin side and the second one involves database modification.
How do I make sure that there are no loose ends?

One way is to put a check in script 2 so that it executes only when session variables are set to logged in.
Another way is to check for the source that the form data came from... I'm not sure of how to check for it. Is it through $_SERVER['HTTP_REFERER']? Is this way safe?

Anyways, which works better? Or should I use them in conjunction? Or is there a better way for this?
May 1 '07 #1
Hi!
I don't understand your needs exactly. When it belongs to the admin side, why don't you restrict the entry / access to these forms by hardcoding a login ID and a password which only you know? Next, by having a tiny login with user ID and password, you can check if the hardcoded user ID and password match; if yes, redirect to the admin page (script 1), else redirect him to the users section.
Hope this helps you,
Regards
CyberKing
www.bytesandbytes.com
May 1 '07 #2
guile
18
Hello CyberKing,

I wrote about maintaining login sessions. I think that is the best possible way to restrict access.
But say you had somebody who has access to the admin area. How do you stop that person from writing a program/script to flood the script with requests?

Has anybody ever checked for the page from which the request comes? Does it work? How do CMS packages prevent their include files from being accessed in the wrong way?
May 1 '07 #3
devsusen
136 100+
Hi,

For the sake of security you can use the session or cookie. This provides you quite reliable security for your system.

Now considering your case scenario. Say person A has access to the admin area. Now he can enter there only by using the login system. Now say there is a script named test.php. A can run test.php using some program to flood it. I think this is what you are saying.

Now to prevent running the script from outside, use some other script to define some global variable. test.php can check the existence of the variable and then run the code inside. In your system you will call the script containing the variable to define the vars globally. But A can't call the script from outside. This way you can make your script secure from being accessed and executed from outside.


susen
May 2 '07 #4
guile
18
Hi,
Thanks for that response. I think phpBB does something similar to ensure include files aren't executed in isolation. It sets up a variable in the master pages and puts a check at the beginning of each include file.

I think I can combine both of these systems... checking for the existence of the particular variable to make sure that file is being used inside some other script, and then checking if the session is set to logged in.

Thanks
May 3 '07 #5
devsusen
136 100+
Hi,

Yes, it's true. Not only phpBB, but I have seen many other applications in PHP use this technique to protect the inside code from being accessed.

It seems to me that you have worked with the phpBB forum. IMO this is a really good forum in all aspects.

susen
May 4 '07 #6
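
The combination settled on in post #5 (include-file guard plus session check), with the Referer idea from post #1 replaced by a per-session form token and a small throttle for the flooding case from post #3. This is an added example, not code from any poster or from phpBB; `IN_ADMIN`, `logged_in`, `form_token`, `last_write`, the two-second interval and the sample requests are assumed or constructed.

```php
<?php
declare(strict_types=1);
// Entry scripts (script 1, script 2) define the constant; each include file starts with
//     if (!defined('IN_ADMIN')) { exit; }
// A constant cannot be injected through the query string or a POST body.
define('IN_ADMIN', true);                 // assumed name
const MIN_SECONDS_BETWEEN_WRITES = 2;     // assumed per-session throttle

/** Decide whether script 2 may modify the database. Returns [HTTP status, reason]. */
function authorize(array $server, array &$session, array $post, int $now): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST required'];
    }
    if (empty($session['logged_in'])) {
        return [403, 'not logged in'];
    }
    // Token that script 1 stored in the session and emitted as a hidden field.
    // HTTP_REFERER is never consulted: the client chooses that header's value.
    $expected = $session['form_token'] ?? '';
    $supplied = $post['form_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($supplied)
        || !hash_equals($expected, $supplied)) {
        return [403, 'form token mismatch'];
    }
    // A logged-in user scripting repeated submissions is slowed per session.
    if ($now - (int) ($session['last_write'] ?? 0) < MIN_SECONDS_BETWEEN_WRITES) {
        return [429, 'too many requests'];
    }
    $session['last_write'] = $now;
    return [200, 'ok'];
}

// Constructed sample requests; run with: php example.php
$token   = bin2hex(random_bytes(16));
$session = ['logged_in' => true, 'form_token' => $token];
$anon    = [];
$request = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'https://admin.example/script1.php'];
$form    = ['form_token' => $token];
$results = [
    'referer only'   => authorize($request, $anon, [], 1000),
    'missing token'  => authorize($request, $session, [], 1000),
    'valid'          => authorize($request, $session, $form, 1000),
    'repeat at once' => authorize($request, $session, $form, 1001),
    'after interval' => authorize($request, $session, $form, 1003),
];
foreach ($results as $name => [$status, $reason]) {
    printf("%-15s %d %s\n", $name, $status, $reason);
}
```

In script 2 itself the call would be `authorize($_SERVER, $_SESSION, $_POST, time())` after `session_start()`, with the database update running only on a 200 result.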
