preventing anyone from accessing back server pages

I searched for the answer for my question but I couldn’t find exactly what I wanted.
If you find a duplicate of this please send me it!

I have a couple of files in my website that are used to do background functions that I don’t want anyone to access, not even the admin. For example, files like PHPMailer.php, login-inc.php, logout-inc.php and more.

I need a way to prevent anyone from accessing those pages and not prevent them from working when triggered by buttons/forms.

I’m aware that using a session can redirect users who are not logged in, although, here, I need to prevent everyone from accessing the pages by redirecting them or sending them to a 404 page.

What do I need to use to do that?

Thanks!

Update: I’m very new to web coding, so sorry for the confusing question. I wanted to block users from entering some pages by entering their location with a link; for example, I don’t want users to be able to access tokens/passwords…

Using .htaccess solves my problem. Thank you.

Answer

One way to protect your files from being called through the web server is to move them out of the site's webroot directory. That way there is no way for someone to access them with a web browser, and you can still include them. It’s a common solution.

Another way is to intercept web server requests and, e.g., forbid some of them, redirect some others and so on. E.g., for the Apache web server you can do that inside an .htaccess file. You have to allow that in the website settings.

For your specific case, with those buttons:
You’ll have to use .htaccess (or equivalent) to intercept all requests to those files. Then redirect those requests to some PHP script, also saving the passed parameters.
Then your PHP script should decide what to do with that request… reject it (redirect to a 404 page) or allow access.
For that, your buttons should pass some kind of pass code, so your PHP script can check, when it’s called, whether a valid pass code is provided (allow access) or not (redirect to 404).
Now, making a pass code that can’t be manipulated could be tricky, but generally you must invent some formula to generate them (based, e.g., on the current time) so the PHP script could use the same formula to check its validity.

Another way is, e.g., to do some JS action when the button is pressed (e.g. write some cookie), and the PHP script will check for that JS action's result (cookie exists or not).

User contributions licensed under: CC BY-SA
9 People found this is helpful
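
The time-based pass code the answer describes, sketched as an added example that is not part of the original answer: the formula here is an HMAC over the issue time and the session ID, so a visitor cannot compute a valid code without the server's key. The `APP_SECRET` environment variable, the `pass_code` form field, the 15-minute lifetime and all function names are assumptions made for illustration.

```php
<?php
// Added example (not from the original answer). All names are illustrative.
declare(strict_types=1);

const PASS_CODE_TTL = 900; // seconds a code stays valid (assumed value)

function secret_key(): string {
    // Assumption: the key comes from the environment and is never stored in the webroot.
    $key = getenv('APP_SECRET');
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('APP_SECRET missing or too short');
    }
    return $key;
}

// Called by the page that renders the form; the result goes into a hidden field.
function make_pass_code(string $sessionId, ?int $now = null): string {
    $ts = (string)($now ?? time());
    $mac = hash_hmac('sha256', $ts . '|' . $sessionId, secret_key());
    return $ts . '.' . $mac;
}

// Recomputes the same formula and rejects malformed, expired or forged codes.
function check_pass_code(string $code, string $sessionId, ?int $now = null): bool {
    $parts = explode('.', $code, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$ts, $mac] = $parts;
    $age = ($now ?? time()) - (int)$ts;
    if ($age < 0 || $age > PASS_CODE_TTL) {
        return false; // expired, or dated in the future
    }
    $expected = hash_hmac('sha256', $ts . '|' . $sessionId, secret_key());
    return hash_equals($expected, $mac); // constant-time comparison
}

// Guard for the top of login-inc.php and similar handlers:
// anything other than a POST carrying a valid code gets a 404.
function require_pass_code(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $code = $_POST['pass_code'] ?? '';
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !is_string($code)
        || !check_pass_code($code, session_id())) {
        http_response_code(404);
        exit;
    }
}
```

The form page would emit `make_pass_code(session_id())` into a hidden `pass_code` input after starting the session. Files that are only ever included, such as PHPMailer.php, need no such guard once they sit outside the webroot.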