Allow window.location but prevent direct access to a PHP file

Question

I have a script file named script.php which is accessed from another php file called main.php through the " Window.location " command. I want to prevent direct access to file, ie, no one can type script.php in the URL bar and view the contents of the file. But I want my main.php to be able to redirect to script.php using window.location. Any way to do this?

I have tried using Debug Backtrace and preg_match() but these are also blocking the window.location from main.php. Any way to get around this?

Answer 1

I'm not really sure what and why you want to do. There is no way to only allow a script to open a URL, because the browser will handle it.

Normally you should check in the files itself, if the user is allowed to use them. So you have to find a logic for you, how to tell you script, if the user should see it. Otherwise you can do some other action, like displaying an error or redirect him back to you main.php .

Just some quick ideas ...

Idea 1.) If possible, you can include() the script.php in main.php and block the direct access via .htaccess . Then you don't need a redirect and no one can access it directly.

Idea 2.) Set a session variable in main.php like $_SESSION["allow"] = true; and check this again in script.php . Afterwards set the value to false , so the next call will be fail.

Idea 3.) Add a parameter to the file call, like script.php?allow=true . But in this case, all users who know the parameter could call it.

Idea 4.) Add a custom parameter to the redirect, wich is only valid for a given time. To be simple, something like php time() . Check if the parameter is within a short time limit. But in this case, the redirect url has to be generated when the main.php file starts the redirect. Otherwise the request could be already to old.

So that are my ideas. Hope something gives you a hint how to do it.