Prevent Access Via Entering Url In Address Bar Of Web Page

Jun 21, 2011

I've got a problem whereby I need to block access to my survey, I do not want a situation where a user can access the survey by just entering the URL of the survey, the survey has been integrated with mediawiki.

ADVERTISEMENT

Prevent Page Access Outside Website

Oct 6, 2007

I have a php webside with a guestbook and I want access to the guestbook
only via the homepage. How can I modify the index.php of the guestbook to prevent access from outside the website?

View 4 Replies View Related

Session To Prevent Access To A Page

Mar 18, 2011

I was asked to make new thread for this, so how do I use a session or something to restrict access to a page. like if accounttype=Admin, stay here, all others go away.

View 4 Replies View Related

Prevent People Entering Numbers?

Dec 23, 2006

can i prevent users from entering numbers into my HTML form. and the opposite a code to stop people entering letter into some firelds.

View 4 Replies View Related

Prevent A User Entering Certain Characters?

Nov 9, 2010

I have my own web site I want a valid input to be entered by user i.e. User is not allowed to enter special characters like /* */, ', etc. . . How can i prevent this?

View 6 Replies View Related

Prevent Direct Access To A Blank Page

Oct 28, 2009

In my PHP pages I use the following for my DB info: include('dbconnect.php'); If someone was to type the direct path to this file they get a blank page, would it be better to somehow prevent access to this file completely or is it fine the way it is?

View 2 Replies View Related

Prevent Entering To The Site Using Url Typing In Codeigniter?

Dec 17, 2010

I have done a site using Codeigniter, it almost complete now, i have a problem though even though i have implemented sessions and maintained the login to the system , a person can type the url in the browser and enter the web page.it's like this, i have implemented the session for patient registration like this

function index(){
$this->is_logged_in();
}

[code]...

View 4 Replies View Related

Prevent User From Entering Javascript In Textarea?

Jul 21, 2009

I have a text area where user can enter anything, but i prevent the user from entering javascript in the textarea. (need server side validation/control). If anyone have any ideas , let me know

View 4 Replies View Related

Entering Total Value Of Two Numbers In A Text Box To Prevent Spam?

Mar 14, 2011

entering total value of two numbers in a text box to prevent spam

<?php
$rand = rand(2,9);
$rand1 = rand(2,9);
echo $rand." + ".$rand1;

[Code].....

How do I verify this value of both in a POST method??

View 2 Replies View Related

BBcode Using Preg_replace() - Prevent Users From Entering OnClick

Jun 10, 2010

I have a simple question (not for me), ok, at first, take a look at this:

$msg=preg_replace("/[b(.*?)](.*?)[/b]/i", "<b $1>$2</b>", $msg);

Okay, on that regEXP, a $msg will replace any thing found and put it into a new form (I don't know how to explain, how about an example): It will turn

[code]...

And all I want to do is instead of replace all attributes go after [b attribute1 attribute2...attributeN], the function will remain those attributes AS LONG AS THEY DO NOT START WITH on (like onClick, onMouseOver...).

View 3 Replies View Related

Access The Home Page Without Typing The Ip Address?

Dec 14, 2010

i have created a log in system. the users are connected in a LAN with server.... to access the home page of the log in system, the users has to type url as the ip address of the server i.e, xxx.xx.xx.x/login.home.php... is there any way to access the home page without typing the ip address... just type home in url and enter it will go to the login home page. is it possible? how to do it? wamp 2.0 Apache server. php version 5.3 i am using.

View 3 Replies View Related

Changing Address Bar Gives Access To Admin Page?

Mar 24, 2010

I have developed a website, where i have 2 access levels, users and admin. on the server, i have admin folder with all admin stuff and user folder with all user stuff. based on the username,password combination from login page, i am redirecting the user to appropriate location. Everything is fine, but when user logs in and if he changes or types into the address bar, the pages from the admin folder then he is able to access them. How do i prevent this from happening?

like if the user is redirected to User.php and he changes the address to Admin.php he is getting access to all the admin stuff from there on. I want to know how i can prevent a user from entering the Admin folder completely.

View 1 Replies View Related

Changing Address Bar Gives Access For User To Admin Page?

Mar 24, 2010

I have developed a website, where i have 2 access levels, users and admin. on the server, i have admin folder with all admin stuff and user folder with all user stuff. based on the username,password combination from login page, i am redirecting the user to appropriate location. Everything is fine, but when user logs in and if he changes or types into the address bar, the pages from the admin folder then he is able to access them. How do i prevent this from happening? like if the user is redirected to User.php and he changes the address to Admin.php he is getting access to all the admin stuff from there on. I want to know how i can prevent a user from entering the Admin folder  and all its pages completely, even by changing the address bar.

View 12 Replies View Related

Secure Things Are Entering Email Address Into The Database?

Nov 23, 2010

just starting out with PHP, etc. Seem to be picking things up quickly. Just want some advice on how secure things are e.g. entering email address into the database, etc.

<?php
error_reporting(0);
$email = "";
$msg_to_user = "";
if ($_POST['email']!=""){
include_once "connection.php";
$email = $_POST['email'];
$sql = mysql_query("SELECT * FROM addresses WHERE email='$email'");
$numRows = mysql_num_rows($sql);
[Code]....

View 4 Replies View Related

Email - Contact-us Form Works Fine If Entering A Gmail Sending Address?

Jan 25, 2010

I've setup an ecommerce site using Prestashop and when testing their contact form, I found that I was not receiving any messages if user enters Yahoo email address as the senders address. I have no problems, however, if the user enters a Gmail address.

Prestashop is set up currently to use the PHP Mail() function for the contact form. What could be the problem and what solutions could I look at as I obviously need to receive mails from everyone, not just those with gmail addresses.

[Code]....

View 6 Replies View Related

Prevent IP Address From Getting Banned By Ebay?

Sep 20, 2010

I'm using the ebay API to import the products. After some days/time period I can't get the records from ebay. To ensure the problem I have requested it from the different IP. And it works from it. It concludes that ebay is not allowing the request from earlier IP. So what can be the solution?

View 1 Replies View Related

Prevent Mail( ) From Appending Hostname To From Address

Dec 21, 2009

I want to be able to send texts to phones via email (since each phone has their own address), and for specifying the from, I want to specify my own number, is there a way to do this?

For example:

Code: [Select]$from = '7785555555';
if(mail($to, $subject, $message, "From: $from"))
echo "Mail sent";

If I do this, the From in the email will be 7785555555@hostname.com. Is there any way I can send it so that it doesn't auto append the host name?

View 14 Replies View Related

Prevent Showing Address In The Status Bar While Hovering A Link?

Jun 24, 2010

How can I prevent showing web address at the status bar while hovering a hyperlink?

View 3 Replies View Related

Prevent Referral Registrations/downloads/visit By IP Address?

Feb 1, 2011

Is there a way to prevent the same person from referring itself? IP address is obviously not enough to prevent these kind of scammers that know how to game a system like these.So in the current technology, how do you prevent it from happening? I can use sending messages but these process is to extensive for user registration. I can also do credit card validation but it is also very extensive for my system.

View 2 Replies View Related

Prevent Submittion Of Form If Email Doesn't Have @ Or .com/etc In Address

Mar 28, 2009

Does anyone have a simple code to prevent email address in a form to be sent off with out it being proper, such as .com/.net/.org and/or @ symbol

View 5 Replies View Related

Page Reloads Keep Entering Data In Db

Apr 1, 2002

The problem is I have a small form that allows a user to input data into a database. Everything works fine, after a successful submission, the user get a message saying that their info was accepted.

The problem is that if that page is reloaded, it enters the info again. There is only going to be one person doing the submitting so I could explicitly say...DO NOT RELOAD the page, but that seems kinda half as**d.

View 5 Replies View Related

Entering Text Into A Seperate Page Via A Form

Feb 14, 2007

I'm doin' a site for a company who wants to enter in some News content themselves. They're not comfortable at all with html, so I'd like to create a simple form so they can enter data into a text box, click submit and that data (just news stories) gets sent to the body of the news section.

(The news section is in a table on the home page)

Is there a tutorial around that deals with a similar concept? Something I could learn and then use to create my own? Code:

View 3 Replies View Related

Prevent Access To Directories

Nov 12, 2005

I am using Apache 2.5 together with PHP5 and MySQL 4.1. Is there a way to prevent access to directories where I store php/css/js files?

View 4 Replies View Related

Prevent Visitor Access Via IP?

Apr 28, 2010

How to redirect visitor who visited my website via my dedicated IP?

View 4 Replies View Related

Call A Page From A Script Doesn't Work, Manually Entering The Url Does?

Jul 8, 2009

I have a form where I take a video and convert it to flv using ffmpeg and the php shell_exec function. I store the output into a variable for further processing.I do about the same thing to create images from the video using ffmpeg-php to get individual frames of the video. If I have the image script just return the image to the browser it works fine. If I have the script save it to file, but entering the url into the browser manually, it works fine. However, if I use shell_exec yet again to use wget to call the page, it doesn't work. the output I get from wget is a 500 internal server error. If I copy the URL wget requested, it will create the image no problem. Anyone have any ideas why using wget this way wouldn't workI did notice that when I enter the URL into the browser manually, the page does return an image with the url requested, which is odd because I thought that when you wrote the file to the file system, it just saved it there and didn't return anything to the browser.I'm not stuck on the idea of using wget, it was just the first one that came to mind. I call the script 6 times. I get the first frame of the video and save it, preserving aspect ration, to a 160 width image. I then get the first frame for 5 seconds. So at 30 frames per second, I would create an image of frame 1, 31, 61, 91, and 121.

View 2 Replies View Related

Prevent Access To Certain URL Requested Pages?

Jun 6, 2009

How to prevent access to certain URL requested pages?

If i have form.html, processFrom.php and getResults.php in my webapp root, even though processFrom.php does not echo any content, how can i prevent the user from accessing this file by typing in the URL?

View 3 Replies View Related

Security - Prevent Access To Script Except For One IP?

Feb 4, 2011

I have a static form on a server that does not support php: <form action="[URL]... I need the script on the file process_form.php to only be processed if the request is being sent by the static IP of the server on which the static form is hosted. How to do this? If anyone other then that ip is attempting to request the script the script should be killed immediately.

View 2 Replies View Related

Access Prevent Image Directory?

Apr 14, 2009

I prevent my image directory by using .htaccess file by :Code: Options -Indexesbut when I tried to display image from this directory it's not display

Code:
echo '<img src="img/?????.jpg" />';

My question is .. how prevent directory an files inside it and at the same time I could display image .

View 3 Replies View Related

Prevent Direct Access To File

Aug 6, 2009

I have caller.php that calls a second file get.php with some parameters (note get.php is not a runtime include, but called only when a user clicks a button), i.e.,

file=get.php?doc=../../abc.mp3

Both caller.php and get.php are in publicly accessible folders. abc.mp3 resides in a level higher than public and not open. I want get.php to work ONLY when called from caller.php. If get.php called directly from the browser it should result in an error message. I don't want to use referrer checks if possible. Also, not looking for foolproof method, but something that is reasonably secure or will require a few steps each time to break.

I have considered passing a $secretkey from caller.php to get.php but anything I pass can be seen in the view source or headers? Also, session variables don't work well I think as I don't want user to go to caller.php first and then right after do a direct call to get.php because session key is set as that will trick get.php into working....

View 24 Replies View Related

Prevent SQL Injection In ODBC And MS Access?

Aug 13, 2007

I'm on a GoDaddy Windows hosting using PHP and MS Access. It is well documented how to prevent SQL injection with MySQL, but how do one prevent SQL injection with ODBC and MS Access?

Any suggestions would be much appreciated. Seems like Access with PHP is fairly rare and not much information on the net is written about it.

View 14 Replies View Related

Prevent Access From External Sites?

Sep 26, 2007

I want to prevent access from external sites, for example a proxy site. I don't want to enable linking such as proxysite.com?url=www.mysite.com, but only a direct link: mysite.com. Any ideas?

View 2 Replies View Related

Prevent Direct Access To Include File?

Jan 3, 2009

I have a php file which I will be using as exclusively as an include. Therefor I would like to throw an error instead of executing it when it's accessed directly by typing in the URL instead of being included.

Basically I need to do a check as follows in the php file:

if ( $REQUEST_URL == $URL_OF_CURRENT_PAGE ) die ("Direct access not premitted");

Is there an easy way to do this.

View 14 Replies View Related

Security - Prevent Access To Files Outside A Certain Directory?

May 22, 2010

I've found out the hard way that my website can be hacked by passing a query string parameter that has many ../s to access files outside of the website directory, and then hack the website.

Is there a way, perhaps through the php.ini, to not allow file includes outside of a certain root directory?

To make things worse, most of what is running on the server is not my code. The website runs on the CMS Joomla! and the exploit was done through a purchased plugin.

I cannot change the scripts, if it has to come to that, I'll just uninstall the affected plugins.

View 2 Replies View Related

Security - Prevent Direct Access To Include

Aug 10, 2009

I have a php script PayPal eStores/dl_paycart but it has PayPal eStores "settings.php" Security Bypass Vulnerability. I would like to know if I can prevent direct access to a php include file.

defined( '_paycart' ) or die( 'Access to this directory is not permitted' );

View 4 Replies View Related

What Checks To Use To Prevent Direct Access To Pages

Sep 11, 2009

Is it better to check for a defined constant, check the url, or any other ways.... something like

if(!defined(INCLUDED))

of

if($_SERVER['REQUEST_URI'] == $_SERVER['PHP_SELF'])

What ways do you check if a file was accessed directly..also, is it important to prevent direct access to pages... (I figure a site should work in the way it was designed, so accessing directly would go against that, but)

View 3 Replies View Related

Prevent Direct Access To JavaScript Files?

Apr 23, 2011

I have seen that some web sites have a PHP script to redirect the user to another web page if they try to access JavaScript files directly. How is that done?

View 3 Replies View Related

Prevent Users From Being Able To Access A Webpage Via Web Browser?

Apr 18, 2010

This program is going to submit GET data to our webpage. However, we don't want users accessing the webpage any other way than the program. We can prevent users from sharing the program using HWID authentication, but nothing prevents them from using a packet scanner to get the URL of the webpage. We thought about user-agent authentication, which we will implement, but user-agents can easily be spoofed.

how can we prevent users from accessing the webpage directly, instead of through the program?

Even if you don't have an answer that will completely work

Currently we will be implementing:

HWID Authentication to use the program User-Agent Authentication to access the web page Instant IP Blacklisting to anyone accessing the webpage without the proper User-Agent

View 4 Replies View Related

Prevent Access From External HTML Forms?

Sep 28, 2007

I've noticed that some of my scripts are vulnerable to external HTML forms, meaning someone can use my functions using his own form. This might cause a bit of a problem to me. Is there any way to prevent someone from accessing my scripts using such a form and limit the access to my own forms?

View 3 Replies View Related

Prevent Brower Access To A Form Handler File?

Jun 13, 2011

i know this has been answered lots on SO but i still have a question - i am using the cforms plugin in Wordpress and i've given it the url of a form handler page and i want to block direct access to this allowing only cforms - i've tried everything i've come across including file permissions and putting the file outside the root though everything that blocks the file to direct access also seems to block it from cforms ..... so i assume they're reading it as a browser would .... so i figure i'll need to block it from everybody except requests coming from my webserver (using htacesss) ..... but i am on a shared server and i dont want to leave it open to attack from the other domains on i share with .... so my question is this - can i target my domain specifically in htaccess using "allow" ?

View 1 Replies View Related

Prevent Access To The Action Of The Controller Edits The Post?

Jun 11, 2011

I spent the day here at SO as in other sites.And I got a headache:looking for tutorials and answers about how to implement Zend_Acl.I saw people using it to allow or disallow access to certain controllers/actions and others saying that this way is incorrect, and that should allow or disallow access based on models.

Huh, the second appears feasible, however, this means that for every controller I need a model?Because it seems, following the second alternative, I'll only be able to block user access at the moment it is, for example, editing a post.But I would like to prevent access to the action of the controller which edits the post.

If I want to block access to the user with role X to the action Y of the controller Z, how would I do that if I follow the second alternative?An example of a real application would be very welcome.This information can improve your answers:
I use Doctrine 2 as ORM, and I have a module Admin.The actual structure of my application is like this:
application
- MYAPP
- configs
- controllers
- layouts
- views
- library
- MYAPP ;This folder is in the include path
- modules
- admin

View 1 Replies View Related

Web Services - Prevent Access To Files If The Caller Isn't Using HTTPS?

Sep 16, 2010

I have written several PHP web services where I pass in arguments via the URL. To prevent unauthorized access, I pass in a unique key as one of the arguments. I call the PHP file via HTTPS, and I am wondering if there's a way I can prevent the script from running if HTTPS is not used.

View 5 Replies View Related

Prevent Direct URL Access And Redirect Visitors To Index.php?

May 4, 2011

how to prevent direct access to this URL and redirect visitors to index.php: [URL]

View 3 Replies View Related

Impose Access Limits From Apache To Prevent Scraping ?

Mar 10, 2010

The problem is of a content website that is being scraped so badly that it breaks the server.

Is there an easy method of limiting access for IPs to a fixed number of requests at a time OR per day ? ( 10 pages / day or.... 10 pages every 2 minutes )

Ideally, I would keep a wildcard list for search engines and disallow everybody else from accessing content too fast or too much.

View 3 Replies View Related

Security - Prevent Direct Access To Files That Do Not Echo Anything?

Jul 3, 2011

For an example if I have a mail script or a script that writes to a database - scripts that do not echo anything important (other than a thank you, or an error message), but do a lot of important back-end work. What could the possible security concerns from accessing them directly be? Is it worth preventing direct access to such files? They are receiving data using $_POST/$_GET sent trough contact forms and then either mailing it or writing it to a DB (in both cases after good validation).

Still, can the data that is being worked with there be accessed somehow (other than cracking my account and downloading them :)), since obviously opening such files in browser will not give any results to the attacker?

View 4 Replies View Related

Prevent Direct Access To The File Called Via Ajax?

Apr 14, 2011

I use jQuery when adding messages. However, the file can be called directly. For example: includes/add_comment.php?id=2 So, I can make a form and call this file directly to add a message. ID is user id and form can be submited with HTML form wherever are located. How to prevent direct access to the file when called through a Ajax?

View 3 Replies View Related

ADVERTISEMENT