Block direct php file access

D12Eminem989 · August 20, 2012, 10:23am

Hello, I am trying to get this piece of code to redirect back to index.php if it’s called directly.

index.php:
[php]

Untitled Document

Enter Download URL :

[/php]

remote.php:
[php]<?php
define(‘BUFSIZ’, 4095);
$url = $Link;
$dir = ‘./uploads/’;
$rfile = fopen($url, ‘r’);
$lfile = fopen($dir . basename($url), ‘w’);
while(!feof($rfile))
fwrite($lfile, fread($rfile, BUFSIZ), BUFSIZ);
fclose($rfile);
fclose($lfile);
echo ‘

File Remote Download Complete !

’;
?>[/php]

Basically what I am trying to do is allow the script to call the remote.php but block and redirect direct access to the file such as going to http://www.mysite.com/remote.php.

Can someone show me the edited code to do this? Thanks in advance!

richei · August 20, 2012, 11:57am

create a session on the index page, then on the remote page, on the very top, have it look for the session, if its not there, redirect back to index.php, if it is, then proceed.
[php]
//index.php
session_start();
$_SESSION[‘allow’] = 1;

//remote.php
session_start();
if(!isset($_SESSION[‘allow’])) {
header(‘Location: index.php’);
}[/php]

something like that would work since sessions are deleted a few minutes after leaving the site or closing the browser.

D12Eminem989 · August 20, 2012, 12:32pm

I am getting the following error when I try to access the page:

[php]Warning: fopen() [function.fopen]: Filename cannot be empty in /home/tony/public_html/remote.php on line 12

Warning: fopen(./uploads/) [function.fopen]: failed to open stream: Is a directory in /home/tony/public_html/remote.php on line 13

Warning: feof(): supplied argument is not a valid stream resource in /home/tony/public_html/remote.php on line 14[/php]

richei · August 20, 2012, 1:00pm

its telling you it can’t find the file that you’re looking for in that particular folder. make sure the folder structure is there and you have the proper permissions to read and write.

D12Eminem989 · August 20, 2012, 2:23pm

The folder is there and all I am doing is testing to see if I can access the file “remote.php” directly to see if the above code you suggested works and that was the error it returned me. It’s given me that error for all the codes I have been trying, even without the fix. Whenever I directly access that file it gives me that error and a huge .error file.

Know of anyway to fix that code and not allow direct access and only when the form is submitted like it should?

Thanks for all the help by the way.