[英]Prevent users from accessing php files by typing it directly
There is a php file. 有一个PHP文件。 I want to prevent users from going to that file by typing the url in browser.
我想通过在浏览器中键入URL来防止用户访问该文件。 (ex: abc.xyz/test.php), but users will be able to access that php file when it's redirecting from the website itself.
(例如:abc.xyz/test.php),但是当该PHP文件从网站本身重定向时,用户将能够访问该文件。 (ex: if user click on a link, it will load test.php)
(例如:如果用户单击链接,它将加载test.php)
is it possible? 可能吗?
Upload a .htaccess file into your wp-content folder. 将.htaccess文件上传到wp-content文件夹中。 Have a look if one exists already, then append this code to the end of the file.
看一下是否已经存在,然后将此代码附加到文件末尾。 If you don't have one, just create a new blank file and add this code to it:
如果您没有,则只需创建一个新的空白文件并向其中添加以下代码:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*\.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://yourwebsite.com/ [NC]
One way is by using cookies ( Used by most of the popular websites ) 一种方法是使用Cookie( 大多数流行的网站都使用 )
test.php test.php
<?php
//Check if user has permission
if(isset($_COOKIE["allow_access"]))
{
//delete access after visiting the page
setcookie("allow_access","",time()-3600);
}
else
{
header("location: index.html");
}
?>
allow.php allow.php
<?php
setcookie("allow_access","true");
header("location: test.php");
?>
index.html index.html
<html>
...
<a href="allow.php">Link</a>
...
</html>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.