Only allowing original referrer to access a page

fixafone123 · #1 (**permalink**) 11-16-03, 12:40 AM

I have a .php page that I only want to be accessed via a call from another page on my site. I dont want someone to be able to type the URL of the page into their browser and get to it. I thought I could ban all other IPs except the local ip (127.0.0.1) from accessing the page, but I cant get it to work and am not sure if this is the most efficient way to do it. Any help would be appreciated.

Thanks

mdhall · #2 (**permalink**) 11-16-03, 02:53 AM

Try this...

mixDev · #3 (**permalink**) 05-28-04, 05:37 AM

HI all,

Authentication systems based on HTTP_REFERER checking are not really secure as it can be Spoofed easily using custom HTTP headers. A simple googling for HTTP_REFERER gives the first link titled "How to spoof HTTP_REFERER".

So I changed something there in the above script file

Change "Your Ip here" to the IP address whom u want to allow access.

PHP Code:


			
<?php 

$USERIP = getenv("REMOTE_ADDR");

 

if (!strchr($USERIP, "Your IP Here")) { 

echo "<script>alert('Sorry, you are not allowed access');window.location='localhost/community/sorry.php';</script>"; 

 exit(); 

} 

 ?>

BUT,
If you really need a secure system, u can use Apache .htaccess password protection techniques. You can see one tutorial here.
If you are not using apache at all, try php session varibles to authenticate users.

(is that so general?. this is my first post. So plz dont flame me. )

mixDev · #4 (**permalink**) 05-28-04, 05:42 AM

HI again,

Here is a related theread u may be interested in.
http://www.programmingtalk.com/showthread.php?t=5864