paulq
08-16-2006, 04:49 PM
I am using Apache HTTPD and PHP 5.
When a user accesses a file that is not found or forbidden then Apache redirects all 403/404's to /error.php?errnum=5. Now I have a web accessible folder with the path /www/folder with four .php includes in it. Although the includes have no sensitive information in them, I still don't want the user to attempt to access the page directly. I use this code (from Marc Wandschneider's book "Core Web Application Development with PHP and MySQL", ISBN 0-13-186716-4) to check if the user tries to call this code directly:<?php
$selfparts = split('/', $_SERVER['PHP_SELF']);
$file = ereg_replace('\\\\', '/', __FILE__);
$fileparts = split('/', $file);
if($selfparts[count($selfparts) - 1] == $fileparts[count($fileparts) - 1])
{
echo "Do not call this file directly."
exit;
}
?>
Now what I want to do is, instead of that "echo", have it redirect to /error.php?errnum=5 like all my other 403/404's and maintain the global variable $_SERVER['REDIRECT_URL'] (which is used in error.php to populate a log file).
Ok so my question is this. How do I redirect a user while setting the $_SERVER['REDIRECT_URL'] variable and having it persist through the transition? Is there a way I can set it with HTTP headers? Perhaps send it an HTTP 302? Any ideas here?
I know this is a convoluted way of doing things but please bare with me.
When a user accesses a file that is not found or forbidden then Apache redirects all 403/404's to /error.php?errnum=5. Now I have a web accessible folder with the path /www/folder with four .php includes in it. Although the includes have no sensitive information in them, I still don't want the user to attempt to access the page directly. I use this code (from Marc Wandschneider's book "Core Web Application Development with PHP and MySQL", ISBN 0-13-186716-4) to check if the user tries to call this code directly:<?php
$selfparts = split('/', $_SERVER['PHP_SELF']);
$file = ereg_replace('\\\\', '/', __FILE__);
$fileparts = split('/', $file);
if($selfparts[count($selfparts) - 1] == $fileparts[count($fileparts) - 1])
{
echo "Do not call this file directly."
exit;
}
?>
Now what I want to do is, instead of that "echo", have it redirect to /error.php?errnum=5 like all my other 403/404's and maintain the global variable $_SERVER['REDIRECT_URL'] (which is used in error.php to populate a log file).
Ok so my question is this. How do I redirect a user while setting the $_SERVER['REDIRECT_URL'] variable and having it persist through the transition? Is there a way I can set it with HTTP headers? Perhaps send it an HTTP 302? Any ideas here?
I know this is a convoluted way of doing things but please bare with me.