html form submit method post and limiting access to the post file_问答_开发者

html form submit method post and limiting access to the post file

开发者 https://www.devze.com 2023-02-16 17:01 出处：网络

I have 2 files, index.html and code.php. In my html page, I have a form which posts to the code.php on submit like this:

I have 2 files, index.html and code.php.

In my html page, I have a form which posts to the code.php on submit like this:

<form method="post" action="code.php">

What I am trying to do is only make the code.php accessible to the public when the user clicks submit on the html form. The reas开发者_JS百科on why I am trying to get this done is when the user types in sites.com/code.php it displays a page which isnt processed with the form data and it looks bad, so I want to limit the code.php access.

So basically what I want to do is, when the user goes to sites.com/code.php, they would get redirected to index.html but if they go through the form and hit submit, they'll be able to get to the processed code.php.

I thought of different ways to do this and one of the ways was to change the chmod of code.php with some php script. So by default code.php would not be readable but if the user clicks on submit, the chmod for the code.php wpuld be changed to readable hence displaying the page, but then there is no way to redirect the users to index.php when they just visit code.php.

If there is some fancy way of dong this, please let me know! Thanks.

What you can do is to redirect back to the index.html page when the form is not being posted.

You can do that checking the REQUEST_METHOD variable.

if($_SERVER['REQUEST_METHOD'] !== 'POST')
{
  Header('Location: http://www.mysite.com/index.html');
  exit;
}

Just set up a redirect like:

<?php
if(!isset($_POST['submit'])) //If form has not been submitted to get to this page
{
     header('Location: http://www.domain.com/');  //Redirect
     die; //Make sure script ends processing
}


//Rest of code.php
?>

This way if someone comes to code.php outside of the required navigational structure, they just get bumped back to the index.

You could also keep it all on one page, have the form submit to itself, and include the code to process it through a require() or include() if the form has been submitted, display the form if it hasn't been submitted or if there were errors with the submission, and and display the results of the submission otherwise, thus not even exposing the fact that there is an external php file.

The other alternative will be to check the HTTP_REFERRER in code.php. HTTP_REFERRER provides the source from which the current user reaches a page. You can redirect the user to the index.html in case HTTP_REFERRER is not index.html.

<?php
$ref = $_SERVER["HTTP_REFERER"];
if ( $ref !== 'http://www.mydomain.com/index.html' )
{
    header("Location:http://www.mydomain.com/index.html");
    exit;
}
?>