On Wed, May 29, 2013 at 8:14 PM, Jim Giner <jim.gi...@albanyhandball.com> wrote:
> On 5/29/2013 7:11 PM, Tim Dunphy wrote:
>> Hello list,
>>   I've created an authentication page (index.php) that logs into an LDAP
>> server, then points you to a second page that some folks are intended to
>> use to request Apache redirects from the sysadmin group (redirect.php).
>> Everything works great so far, except if you pop the full URL of
>> redirect.php into your browser you can hit the page regardless of the
>> login process on index.php.
>> How can I limit redirect.php so that it can only be reached once you log in
>> via the index page?
>> Thank you!
>> Tim
> I would simply place my redirect.php script outside of the web-accessible
> tree.  The user can never type that uri into his browser and have it work.

Depends on whether the redirect is by header or not; if it is via the
Location header, then the browser has to be able to hit it.

There is, though, a form of application architecture where everything
is run through the index page, and it pulls things in via
include/require as directed.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
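
The two suggestions in the thread (keeping redirect.php outside the web-accessible tree, and running everything through the index page via include/require) combine into one front controller, sketched here as an added example that is not part of the original messages. The `page` query parameter, the `ldap_user` session key and the `../app/pages` directory layout are assumptions made for illustration.

```php
<?php
// index.php: the only script inside the web root (added example, not from the thread).
// Assumed layout: page scripts live in ../app/pages, which the web server does not serve,
// so typing the URL of redirect.php into a browser cannot reach it.
declare(strict_types=1);

const PAGE_DIR = __DIR__ . '/../app/pages';

// Allowlist: route name => [file, requires login]. The request only ever supplies
// a route name, never a path, so it cannot steer require() to an arbitrary file.
const ROUTES = [
    'login'    => ['login.php', false],
    'redirect' => ['redirect.php', true],
];

// Decide which page to render and with which HTTP status.
function resolve_route(string $requested, bool $loggedIn): array
{
    if (!isset(ROUTES[$requested])) {
        return ['login', 404];   // unknown route name: never touch the filesystem with it
    }
    $needsAuth = ROUTES[$requested][1];
    if ($needsAuth && !$loggedIn) {
        return ['login', 403];   // protected page requested without a session
    }
    return [$requested, 200];
}

session_start();
// Hypothetical key: login.php sets $_SESSION['ldap_user'] only after a successful
// LDAP bind, and should call session_regenerate_id(true) at that point.
$loggedIn  = !empty($_SESSION['ldap_user']);
$requested = is_string($_GET['page'] ?? null) ? $_GET['page'] : 'login';

[$route, $status] = resolve_route($requested, $loggedIn);
http_response_code($status);

$file = PAGE_DIR . '/' . ROUTES[$route][0];
if (!is_readable($file)) {
    http_response_code(500);
    exit('Page script missing: check the assumed ../app/pages layout.');
}
require $file;
```

With this layout a request for `index.php?page=redirect` without a logged-in session renders the login page with a 403 status, and there is no URL that maps directly to redirect.php.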