This little snippet of PHP can keep unwanted visitors off a certain page. This could be a handy way of keeping people away from your back-end login page. The principle is very straightforward: if a certain query string doesn't exist, bounce the user off to another page.
To start with, you need to know the page you're currently viewing:
<?php echo $_SERVER['PHP_SELF']; // echoes '/login.php' ?>
Next, you want to make a string that contains everything about the page, except the filename extension. To do that, split $_SERVER['PHP_SELF'] at the dot, drop the last part and re-form the string. PHP has a few native functions that will do this.
<?php
// $_SERVER['PHP_SELF'] replaces the bare $PHP_SELF, which is only set when register_globals is on
$page_parts = explode('.', $_SERVER['PHP_SELF']);
array_pop($page_parts);
$page = implode('.', $page_parts); // $page is now '/login'
?>
The implode() function allows us to catch pages that contain dots in the filename, "login.box.php" for example.
Then send the user off to another page, one with the same filename but a different extension.
<?php
header('Location: ' . $page . '.html');
exit; // stop here so the rest of the page isn't sent along with the redirect
?>
All that's left is to wrap an if statement around that code to allow someone in.
<?php
if (!isset($_GET['allow']) || $_GET['allow'] !== 'me') {
    $page_parts = explode('.', $_SERVER['PHP_SELF']);
    array_pop($page_parts);
    $page = implode('.', $page_parts);
    header('Location: ' . $page . '.html');
    exit; // without this, the login page is still output after the redirect header
}
?>
Now the only way to get to your login page is to go to
login.php?allow=me
This can either be a link buried away on your website or even just a secret. Anyone who tries to go to login.php will be instantly redirected to login.html. That page can either be a static page explaining that the user isn't authorised to see the login box, or the page could simply not exist. While it sounds like an odd thing to do, any robot that crawls your website and looks for a login box will report that the login page doesn't exist.
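A hardened variant of the gate above, as an added example that is not the original post's code: it reads `$_SERVER['SCRIPT_NAME']` (which leaves out the client-supplied path info that `PHP_SELF` can carry), strips the extension with `pathinfo()`, compares the value with `hash_equals()` and stops the script after the redirect. The names `gate_redirect_target` and `GATE_TOKEN` and the sample requests are constructed for illustration; the gate only hides the page, so the login form behind it still has to authenticate users on its own.

```php
<?php
// Added example, not the original post's code.
// Assumption: 'me' is the post's sample value; use a long random value in practice.
const GATE_TOKEN = 'me';

/**
 * Return the URL to bounce the visitor to, or null when the visitor may stay.
 * $scriptName should come from $_SERVER['SCRIPT_NAME'], which, unlike PHP_SELF,
 * does not include trailing path info supplied by the client
 * (e.g. /login.php/anything.x).
 */
function gate_redirect_target(string $scriptName, array $query, string $token): ?string
{
    $supplied = $query['allow'] ?? '';
    // ?allow[]=x arrives as an array; treat anything that is not a string as a miss.
    if (is_string($supplied) && hash_equals($token, $supplied)) {
        return null;
    }
    $info = pathinfo($scriptName);
    // '/login.box.php' gives dirname '/' and filename 'login.box'
    $dir = rtrim(str_replace('\\', '/', $info['dirname']), '/');
    return $dir . '/' . $info['filename'] . '.html';
}

// Constructed sample requests, so the logic can be checked from the command line.
$samples = [
    ['/login.php', []],
    ['/login.php', ['allow' => 'me']],
    ['/login.php', ['allow' => ['me']]],
    ['/admin/login.box.php', ['allow' => 'no']],
];
if (PHP_SAPI === 'cli') {
    foreach ($samples as [$script, $query]) {
        $target = gate_redirect_target($script, $query, GATE_TOKEN);
        printf("%-22s %-18s => %s\n", $script, json_encode($query), $target ?? '(allowed)');
    }
} else {
    $target = gate_redirect_target($_SERVER['SCRIPT_NAME'], $_GET, GATE_TOKEN);
    if ($target !== null) {
        header('Location: ' . $target, true, 302);
        exit; // without this the login form is still sent in the response body
    }
}
```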
Of course, if you're looking to save space, you can do the whole thing using a single line:
<?php
if (!isset($_GET['allow']) || $_GET['allow'] != 'me') header('Location: ' . implode('.', array_pop(explode('.', $PHP_SELF))) . '.html'); // Keep out!
?>
1 Comments On This Entry
Y'know, looking at it, that last piece of code won't work. PHP isn't chainable like JavaScript is. Oh well... moral of the story: test before you post
Skateside,
17 August 2010 - 11:39 AM