I have a file index.php with script on a link, which opens new window with myfile.php, using JS window.open method. The page itself is based on PHP. What I need to do is to prevent direct access to that JS popup window file. For example, if I press a link in the index.php file like "Press here to open the window", it opens that window with myfile.php inside. If I type it directly - myserver.com/myfile.php, it should display an error or something. With includes it's easy to prevent, however, this is a new window and it does not receive other information than $_GET[] from index.php file, and $_GET[] is easy to surpass.


All 5 Replies

Small bump. Does anyone have any ideas?

Speculating here, but you could possibly make it check the referrer. I'm not sure if window.open will pass a referrer though.

The only way that I've prevented direct access before is by using the session variables.

You have to use session_start(); on your index.php. Then in the file "myfile.php" do a check

header("Location: index.php");

to redirect to index.php.

I suggest you look online on how to set the session variables for an anonymous user etc.

Why don't you just have a link set with target="_blank"?

The referrer will then be clear (http://www.mysite.com/index.php).

if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] != "http://www.mysite.com/index.php") {
  // Referer header missing or not index.php: do not render the page
  echo "Smart Alec - what you trying to do?";
} else {
  // ...display page...
}

You may be tempted to just check against index.php, using basename(), but I think that would open the link to easy spoofing. There are ways around HTTP_REFERER anyway - a combination of this with a session variable may be useful. You don't have to have a login system to use sessions though.
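One way to combine the session check and the referrer check suggested in the replies above, as an added example that is not part of any post in this thread: index.php stores a single-use token in the session and puts it in the popup URL, and myfile.php renders only when the two match. The function names, the `t` query parameter and the `popup_token` session key are assumptions.

```php
<?php
// Added example. issue_popup_token, popup_request_allowed, 't' and
// 'popup_token' are hypothetical names, not from the thread.
declare(strict_types=1);

const INDEX_URL = 'http://www.mysite.com/index.php'; // URL used in the thread

// index.php side: create a single-use token and keep it server-side.
function issue_popup_token(array &$session): string
{
    $token = bin2hex(random_bytes(16));
    $session['popup_token'] = $token;
    return $token;
}

// myfile.php side: allow the request only if the URL token matches the session.
function popup_request_allowed(array &$session, array $get, array $server): bool
{
    $expected = $session['popup_token'] ?? null;
    unset($session['popup_token']);      // single use: consumed on every attempt
    $supplied = $get['t'] ?? '';
    if (!is_string($expected) || !is_string($supplied)) {
        return false;                    // no token issued, or ?t[]= style input
    }
    if (!hash_equals($expected, $supplied)) {
        return false;                    // guessed or stale token
    }
    // Referer is sent by the client and may be stripped or forged, so it is
    // only an extra signal: reject when it is present and wrong.
    $referer = $server['HTTP_REFERER'] ?? null;
    return $referer === null || $referer === INDEX_URL;
}

// index.php:
//   session_start();
//   $t = issue_popup_token($_SESSION);
//   // link: onclick="window.open('myfile.php?t=<?= $t ?>'); return false;"
// myfile.php:
//   session_start();
//   if (!popup_request_allowed($_SESSION, $_GET, $_SERVER)) {
//       header('Location: index.php'); exit;
//   }

if (PHP_SAPI === 'cli') {                // constructed inputs, no web server needed
    $session = [];
    $t = issue_popup_token($session);
    var_dump(popup_request_allowed($session, ['t' => $t], []));  // click from index.php
    var_dump(popup_request_allowed($session, ['t' => $t], []));  // same URL replayed
    var_dump(popup_request_allowed($session, [], []));           // URL typed directly
}
```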

Even though this is a window.open method, the $_SERVER thing works perfectly.

