Home/ Questions/Q 899087
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T15:09:31+00:00

I am a beginner in PHP. How can I restrict user access to controller.php

  • 0

I am a beginner in PHP.

How can I restrict user access to controller.php and allow access to it only via view.php?

My proposal:

I don’t know if this is proper, or how to avoid robots accessing it directly.

view.php:

  <?php
    session_start();
    $_SESSION['isFromView'] = true;
    ?>

  <html>
   <body>
    <form action="controller.php">
    <input type="submit"/>
    </form>
   </body>
  </html>

controller.php

<?php
   session_start();
   if(!isset($_SESSION['isFromView'])||!$_SESSION['isFromView']){exit();}
   else{

   //code here

   $_SESSION['isFromView']=false;
   }
?>

Please write what do I miss and in which way my controller can be access directly or other security problem (if you can examples please).

Edit:

In case that I dont have user login it can be secured by killing the session it controller.php after code executed, then when the user return to view.php new session ID will be created.

In most cases, though, we cannot kill the session because of other components of the site.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The solution proposed is fine. Alternative solutions:

    1. use some hash in some hidden field in view.php form (in view.php create some md5(‘secret’) and then check that in controller.php). This solution is the most secure approach.
    2. check the referral url (I strongly disagree because it’s security issues) – $_SERVER[‘HTTP_REFERER’]. This variable can easily be spoofed (changed by the client) so it’s a security risk to rely on it.
    • 0