Hi,

I have a file index.php with a script on a link, which opens a new window with myfile.php, using the JS window.open method. The page itself is based on PHP. What I need to do is to prevent direct access to that JS popup window file. For example, if I press a link in the index.php file like "Press here to open the window", it opens that window with myfile.php inside. If I type it directly - myserver.com/myfile.php, it should display an error or something. With includes it's easy to prevent; however, this is a new window and it does not receive any information other than $_GET[] from the index.php file, and $_GET[] is easy to surpass.

Thanks


Speculating here, but you could possibly make it check the referrer. I'm not sure if window.open will pass a referrer though.

The only way that I've prevented direct access before is by using the session variables.

You have to use session_start(); on your index.php. Then in the file "myfile.php" do a check

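session_start(); // resume the session that index.php started
if (!isset($_SESSION['username'])) {
    header("Location: index.php"); exit; // redirect and stop, otherwise the rest of the page is still sent
}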

to redirect to index.php.

I suggest you look online on how to set the session variables for an anonymous user etc.

Why don't you just have a link set with target="_blank"?

The referrer will then be clear (http://www.mysite.com/index.php).

<?php
// The Referer header is sent by the client and can be missing or forged
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] != "http://www.mysite.com/index.php") {
  echo "Smart Alec - what you trying to do?";
} else {
  // ...display page...
}
?>

You may be tempted to just check against index.php, using basename(), but I think that would open the link to easy spoofing. There are ways around HTTP_REFERER anyway - a combination of this with a session variable may be useful. You don't have to have a login system to use sessions though.


Even though this is a window.open method, the $_SERVER thing works perfectly.

Thanks
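
The session approach suggested in the replies above, tied to a per-link token, as an added example that is not part of the original thread: index.php stores a random one-time token in the session and puts it in the popup URL, and myfile.php serves the page only when the two match, which does not depend on the Referer header. The function names, the `popup_token` session key and the `t` query parameter are assumptions made for this example.

```php
<?php
// Added example: one-time popup token kept in the session (all names are hypothetical).

// Called in index.php before the link is rendered; returns the token for the popup URL.
function issue_popup_token(array &$session, int $ttl = 300): string
{
    $token = bin2hex(random_bytes(32));            // 256 random bits, hex is URL-safe
    $session['popup_token'] = ['value' => $token, 'expires' => time() + $ttl];
    return $token;
}

// Called at the top of myfile.php; true only for a fresh, matching, unused token.
function check_popup_token(array &$session, $supplied): bool
{
    $stored = $session['popup_token'] ?? null;
    unset($session['popup_token']);                // single use, whether the check passes or fails
    if (!is_array($stored) || !is_string($supplied)) {
        return false;                              // nothing issued, or no token / t[]=x sent
    }
    if (time() > $stored['expires']) {
        return false;                              // link is older than the allowed lifetime
    }
    return hash_equals($stored['value'], $supplied); // constant-time comparison
}

// index.php:
//   session_start();
//   $t = issue_popup_token($_SESSION);
//   then use 'myfile.php?t=' . $t as the URL passed to window.open()
//
// myfile.php:
//   session_start();
//   if (!check_popup_token($_SESSION, $_GET['t'] ?? null)) {
//       http_response_code(403);
//       exit('Direct access is not allowed.');
//   }

// Constructed demonstration, with a plain array standing in for $_SESSION:
$session = [];
$token = issue_popup_token($session);
var_dump(check_popup_token($session, $token));     // popup opened from the link
var_dump(check_popup_token($session, $token));     // same URL typed or reused afterwards
var_dump(check_popup_token($session, null));       // myfile.php requested with no token
```

Because the token is consumed on first use, reloading the popup returns the 403; remove the `unset` if reloads within the lifetime should keep working.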
