How to prevent access to php-file

Question

I'am looking for a solution to prevent the access to my php-file. I' am calling a php-file via my homepage to make some database calls. To prevent others from calling this file I'am looging for a solution that only my homepage gets an answer from the php-file and prevent giving output to others who direct call the file.

Thanks for any proposals in advance.

I do not know the IP adreess (File is on a hoster) Yes the file is on the same server — hamburger, Mar 28 '13 at 09:48
what is the code behind "I am calling"? is it include, HTTP, AJAX, RPC, whatewer? — Your Common Sense, Mar 28 '13 at 10:10
what is the role of this file? what kind of information it is writing to database? is it admin page for your personal use only or publicly accessed page like a guestbook? — Your Common Sense, Mar 28 '13 at 10:57
its publicly accessed and it simple store the given $_Post to a db — hamburger, Mar 28 '13 at 11:20
is it *intended* to be publicly accessed? Is anyone indeed allowed to post? If so - why you're complaining then? If this page intended for your personal use only - use a password protection. — Your Common Sense, Mar 28 '13 at 12:17

Your Common Sense · Answer 1 · 2013-03-28T10:46:08.937

1

How to prevent access to php-file. it's Ajax and a post via form.submit depending on the data

There is NO WAY.

You are calling your file not via whatever homepage but it's user's browser calling it. Thus, any other browser can call it as well.

But I have somebody who is able to post something and polute my database.

That's another matter. If this page is used to post something into database, you need to protect it usual way, either by means of password or CAPTCHA, depends on the page role. But still this won't prevent access to the file but just prevent abuse.

edited Mar 28 '13 at 10:46

answered Mar 28 '13 at 10:19

Your Common Sense

156,878
40
214
345

This answer is incorrect. An AJAX call from an external IP address will be blocked if the .htaccess file disallows it. – Dan Nissenbaum Mar 28 '13 at 10:22
if I make a ajax-call via my index.html I think the given IP-Adress will be not 127.0.0.1. The result is, that the call will be blocked. But it shouldn't, because thes "me" who is calling. – hamburger Mar 28 '13 at 10:33
2

@hamburger you are right. Frankly, from the server's point of view, AJAX calls are the same as regular calls. So, if it's a private page of yours - just make it password-protected usual way. But if this page is intended for the public access, you cannot actually "protect" it. – Your Common Sense Mar 28 '13 at 10:41
whats about the mentioned idea to open a session? in my html-file I can do this:session_start(); $_SESSION['check'] = "123"; and the PHP-file is checking this. Like this I can prevent a single call of the php-file in the browserbar – hamburger Mar 28 '13 at 10:51
1

Either password protection and CAPTCHA usually use a session. But just a session by itself can't do any good. – Your Common Sense Mar 28 '13 at 10:53

How to prevent access to php-file

1 Answers1