I have written some php scripts that i want to use on my website for a win32
application, i need to make sure these scripts can not be accessed via the
browsers directly and only allow my application to access them...
Any help of directions welcome...

thnkas in advance..

roger wrote:
> I have written some php scripts that i want to use on my website for a win32
> application, i need to make sure these scripts can not be accessed via the
> browsers directly and only allow my application to access them...
> Any help of directions welcome...


If the path to your web pages is /home/username/public_html/ you could
put "include files" at /home/username/. I formerly did this, then
without warning, the web host upgraded server software, changed the path
to the root directory and crashed 10 client sites all at once.
Subsequently I placed "include files" in a subdirectory that was
password protected using .htaccess on Apache. PHP code could be
retrieved from a MySQL table and run through eval() ... however I also
read somewhere that if eval() is the answer, then the wrong question is
being asked.

roger wrote:
> I have written some php scripts that i want to use on my website for a win32
> application, i need to make sure these scripts can not be accessed via the
> browsers directly and only allow my application to access them...
> Any help of directions welcome...
>
> thnkas in advance..
>

Well presuming your application uses HTTP to retrieve the pages you
could send your php pages a unique client name (in plaze of IE or
Mozilla etc etc) and have your pages respond only to that 'browser'.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.8

Thanks...this is what i did and it works fine by making a custom
HTTP_USER_AGENT setting prior to posting to my website. for those interested
in using the following
$localenv=$_SERVER['HTTP_USER_AGENT'] ;
$remoteenv="someweirdvalue"; # value set in the app for the agent of the
socket connection

if($localenv<>$remoteenv)
{
print("<center>Access to this page via your browser is denied\n<h1>IP logged
as $ip</h1></center>");
die();
}


"JAS" <dubyadubyadubya [at] gmail.com> wrote in message
news:41d535e2_2 [at] newspeer2.tds.net...
> roger wrote:
> > I have written some php scripts that i want to use on my website for a
win32
> > application, i need to make sure these scripts can not be accessed via
the
> > browsers directly and only allow my application to access them...
> > Any help of directions welcome...
> >
> > thnkas in advance..
> >
>
> Well presuming your application uses HTTP to retrieve the pages you
> could send your php pages a unique client name (in plaze of IE or
> Mozilla etc etc) and have your pages respond only to that 'browser'.
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.8

.oO(DH)

>If the path to your web pages is /home/username/public_html/ you could
>put "include files" at /home/username/. I formerly did this, then
>without warning, the web host upgraded server software, changed the path
>to the root directory and crashed 10 client sites all at once.

Don't hard-code such paths. The home directory will be different on
every server. Use predefined server variables instead, e.g.

define('INCLUDE_PATH', $_SERVER['DOCUMENT_ROOT'].'/../include');
require_once INCLUDE_PATH.'/foo.inc';

Now the host can upgrade and change whatever he wants.

Micha