On Wed, May 29, 2013 at 8:14 PM, Jim Giner <jim.gi...@albanyhandball.com> wrote: > On 5/29/2013 7:11 PM, Tim Dunphy wrote: >> >> Hello list, >> >> I've created an authentication page (index.php) that logs into an LDAP >> server, then points you to a second page that some folks are intended to >> use to request apache redirects from the sysadmin group (redirect.php). >> >> Everything works great so far, except if you pop the full URL of >> redirect.php into your browser you can hit the page regardless of the >> login >> process on index.php. >> >> How can I limit redirect.php so that it can only be reached once you login >> via the index page? >> >> Thank you! >> Tim >> > I would simply place my redirect.php script outside of the web-accessible > tree. The user can never type that uri into his browser and have it work.
Depends on whether the redirect is by header or not, if it is via the Location header, then the browser has to be able to hit it. There is, though, a form of application architecture where everything is run through the index page, and it pulls things in via include/require as directed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
