I'm working on this PHP page wich includes different pages like header.php . What I want is when you go to header.php, it redirects you to the homepage. I tried using header but when I include it, it keeps redirecting me. I think it's possible with an if statement with $_SERVER, but I don't know how.
Anyone can help me out? Thanks in advance!
The best way to do this is to create a constant on your main landing page, so let say index.php is one of your main landing pages.
You would create a constant within there, and then do a check in all your sub templates that should only ever be included by a main page.
Example:
<?php
define("IN_VIEW",true);
require_once "header.php";
And then within header.php you can just to make sure that IN_VIEW is defined
<?php
if(!defined("IN_VIEW"))
{
die("Direct Access Forbidden");
}
//Header Here
If its not defined, then obviously the page has been loaded directly and not from index.php.
And then for every other "in-direct" page that should be secured you just place the three lines at the head of the file, and make sure the constant has been defined in your main pages (index,login,logout) etc.
if($_SERVER["PHP_SELF"] == "header.php") {
header("Location: index.php");
}
Although this isn't best practice. You shouldn't allow users to be able to access the PHP files in the first place. The simplest method of disallowing users access to this type of file is by moving the file above the document root, meaning it is impossible to request the header.php file via HTTP.
Another solution is to simply redirect everything to index.php so that direct access to any other script is prevented. On apache for example you can do this using .htaccess as follows:
RewriteEngine On
# redirect everything to index.php except exceptions
RewriteCond %{REQUEST_URI} !/robots\.txt$
RewriteCond %{REQUEST_URI} !/favicon\.ico$
RewriteCond %{REQUEST_URI} !/static/
RewriteRule ^(.*)$ index.php [L]
You can specify some exceptions such as your robots.txt file, and images directory.
