防止直接访问PHP

Question

I have 2 script. That's :

1. registration.html
2. process_registration.php

Sometimes someone open the link direct into process_registration.php, so how can I prevent that ?

Process_registration.php function is to save the data get from input from registration.html.

Any idea ?

Answer 1

You can use :

if (!isset($_POST['field'])) {
  die();
}

at the top of your process_registration.php file.

Of course, replace field by one of your existing fields in your form.

If you're against flooders that does register several accounts using scripts, you may use a captcha field on your registration form, or use protections against crawling .

Answer 2

Just another method:

if (empty($_POST)) {
  exit("Direct access not allowed");
}

Just more flexible with the object names. For extra security, you should put this in your form:

<input type="hidden" value="9957374" name="hiddenvalidate" />

and in your script:

if (!isset($_POST['hiddenvalidate']) || $_POST['hiddenvalidate'] != 9957374) {
  exit("Direct access not allowed");
}

Answer 3

You can check if the current request is a POST type (if you use a form)

if($_SERVER['REQUEST_METHOD'] == 'POST')

and you can also check if all required variables are set.

Answer 4

You can use $_POST array in process_registration.php for this like :

if(!isset($_POST['yourvariable'])){
//Redirect to registration page
}

You can also use PHP Session for it. If session is not set then redirect user to registration page.

Answer 5

I like the way Joomla handles this issue.

On every php page in Joomla, you will see the following code:

// No direct access
defined('_JEXEC') or die; // it's a config setting

Only the top-level pages have this variable included in them. All other files, if opened directly, close, thereby preventing any accidental misuse/data loss.