|
Forcing Users Through index.php
November 27, 2001
|
::: Forcing the Fusebox :::
|
In ColdFusion, where Fusebox began, the typical solution to this problem is to use a special file called Application.cfm which automatically runs at the beginning of each HTTP request. In PHP, we can create a file that function similarly by using the php setting for auto_prepend_file. This can be set in either the PHP.ini file (if you have access to it), or, on Apache servers, you can set this in the .htaccess file:
| |
php_value auto_prepend_file Application.php
|
Now every time there is a request for a PHP document, the Application.php file will get run first. The next question is: what goes into the Application.php file? Well, anything that restricts the user to running the file(s) you want them to have access to. For this example, I will show how to restrict access to the index.php file:
| |
<?php
if(!preg_match("/index\.php$/i", $HTTP_SERVER_VARS["SCRIPT_NAME"])) {
header("Location: index.php");
exit;
}
?>
|
Voila! You can only access the index.php file now! Problem solved.
Or is it?
|
