On 18 Mar 2008, at 12:46, Sudhakar wrote:
my question is about displaying a friendly message when someone directly types a url in the browser.example i have one file called form.php which processes the information entered in the form and lets say the next page is thankyou.php?firstname=david by seeing the url if someone types thankyou.php?firstname=smith in the address bar the browser will display smith. 1. so if a user enters a url in the browser directly to a specific page("thankyou.php") i would like to display a message like = "Direct access to this file is not allowed"
It is not possible to do this reliably. You can check the HTTP_REFERER variable in $_SERVER, but it's not guaranteed to exist and certainly not guaranteed to be accurate.
I'm guessing you want to protect access to some restricted resource, in which case you need to implement a server-side only check. The most common way to do this is to use sessions. If someone hits the page without a valid session you know they've not gone through the whole process.
2. with the above method assuming even if i type thankyou.php in the browser directly, though i own the file i will also get the message "Direct access to this file is not allowed". so i would not like to see this message, i guess for this i need to specify my IP address i suppose.
That would be one way to do it, but bear in mind that any way you put in to get around security is open to being exploited by other parties. Think carefully about whether you actually need to hit that URL directly all the time or just during development. If it's just during development it would be better to disable any security features you've implemented, just make sure you re-enable them before you put it live.
-Stut -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
