Computer Science Canada .htacess |
| Author: | nonamedude [ Wed May 25, 2011 2:17 pm ] |
| Post subject: | .htacess |
Hey guys, I want to prevent users who dont have a link to a certain file from accessing it. So far I have tried doing this, <files delete_comments.php> order allow,deny deny from all </files> So when I do this, it blocks all users even if they have a link to it. So I am just wondering what I have to put in my htaccess file so that users that do not have a link to delete_comments.php cannot access it. |
|
| Author: | Amailer [ Wed May 25, 2011 2:32 pm ] |
| Post subject: | RE:.htacess |
Are you trying to stop hotlinking? http://altlab.com/htaccess_tutorial.html I assume that's the case, otherwise I'm a bit confused. If someone does not have a link to a file; how can they access it in the first place (they don't know it exists)? |
|
| Author: | nonamedude [ Fri May 27, 2011 10:14 am ] |
| Post subject: | Re: .htacess |
If the people who do not have a link to the file, they can find links in my source code by pressing "view source code". I just want to prevent people from browsing using URL's. Is there a way to do this? |
|
| Author: | Tony [ Fri May 27, 2011 10:35 am ] |
| Post subject: | RE:.htacess |
How is the link from the source file different from the link obtained else-how? |
|
| Author: | Amailer [ Fri May 27, 2011 10:37 am ] |
| Post subject: | RE:.htacess |
I assume this is an AJAX request to the delete_comment.php correct? If so check out: http://www.electrictoolbox.com/how-to-tell-ajax-request-php/ [Edit] Check out http://stackoverflow.com/questions/3466802/deny-ajax-file-access-using-htaccess for a possible .htaccess solution |
|
| Author: | nonamedude [ Fri May 27, 2011 11:05 am ] |
| Post subject: | Re: .htacess |
"How is the link from the source file different from the link obtained else-how?" Meaning that on my website, certain users have certain privleges. Those who have the highest priveleges have a link to acess to the delete_comment.php. So they can actually acess the file through the website, and not by changing the URL. |
|
| Author: | nonamedude [ Fri May 27, 2011 11:06 am ] |
| Post subject: | Re: .htacess |
And I am not using ajax to delete comments, it is just reloading the entire page again. |
|
| Author: | Tony [ Fri May 27, 2011 11:13 am ] |
| Post subject: | RE:.htacess |
Typically delete_comment.php would check if the current user is logged in and has proper privileges. If so, proceed; else return. |
|