Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

how to prevent direct file access
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Nomad
Client



Joined: Jan 21, 2006
Posts: 87
Location: Arizona
PostPosted: Sat Jul 08, 2006 1:44 pm Reply with quote
Ok, guys. First of all thanks for all the help....

I'm trying to add scripts to my site that are not php-nuke scripts.

So if its not a module file, nuke file,or block file then how do i prevent direct access.

I want the only access to the file to come from a link from inside my nuke site. This way I can use the nuke registration process to filter access.

_________________
Nomad!~! 
View user's profile Send private message Visit poster's website AIM Address
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
PostPosted: Sat Jul 08, 2006 2:17 pm Reply with quote
try .htaccess

inside should be:
deny from all

This should stop DIRECT browser access but your site will be able to run the script.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Nomad
PostPosted: Sat Jul 08, 2006 3:50 pm Reply with quote
ok, I tried that, but then I get a 404 error - You don't have permission to access index.php on this server.

This happens when I run a link out of phpnuke.

maybe I'm tackling this situation wrong.
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
PostPosted: Sat Jul 08, 2006 3:52 pm Reply with quote
The htaccess directive needs to be placed in a htaccess inside the same directory as the file you are trying to protect.
Is this what you did?
 
View user's profile Send private message Send e-mail
Nomad
PostPosted: Sat Jul 08, 2006 3:59 pm Reply with quote
yes......
the htaccess file is located at: www.azusamti.com/moodle/htaccess

try this...
Link from the site
http://www.azusamti.com/modules.php?name=NukeWrap&page=moodle

This is the direct link
http://www.azusamti.com/moodle/index.php
 
gregexp
PostPosted: Sat Jul 08, 2006 8:48 pm Reply with quote
I think this is because of the use of an iframe, in iframes its still direct access from the users browser.

sorry I did not think of this earlier. I will look further into this.


Update: because of it being the same as opening 2 browsers to display one page, we have that problem. To answer your question, why not include the is_user function in nuke?

I believe including the mainfile.php may just give you what you need'

Then code this in there after the include

if is_user($user){
code
}else{
die("This module is not active for none members");
}

This will stop them from accessing it directly, If they are not a user but it will not stop a user from acessing it directly, perhaps and include is in order, if possible, Imma test a theory and get back to you.

If this is a FULL script(with more then on file) then include wont work either, but if not, include should work just fine.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©