There is this PHP script on my website which I don’t want people to be able to run by just typing its name in the browser.
Ideally I would like this script to be run only by registered users and only from within a Windows app (which I will have to provide). Can this be done?
Alternatively, how can I protect this script so that it can only be called from a specific page or script?
Also how can I hide the exact URI from appearing on the address bar?
Thanks!
If you are running Apache for your webserver, you can protect it with a username/password combo using .htaccess. It takes a little configuration if your server is not already configured to allow .htaccess. Here are the Apache docs.
If you need authentication based on application-specific factors, you can put something at the top of your script like
Do you have a question about how you would implement isLoggedIn?
You can also use mod_rewrite to rewrite URIs, and those directives can go inside your .htaccess as well. mod_rewrite can rewrite incoming requests transparently (from the browser’s perspective) so a request for /foo/bar can be translated into secret_script.php/foo/bar. Docs for mod_rewrite.
However you decide to implement this, I would urge you to not rely solely on the fact that your script’s name is obscure as a means to secure your application. At the very least, use .htaccess with some per-user authentication, and consider having your application authenticate users as well.
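One way to write the application-level check the answer describes for the top of the script, as an added example that is not part of the original answer. isLoggedIn is the name the answer uses; its body, the session keys user_id and last_seen, and the idle limit are assumptions.

```php
<?php
// Added example: access gate placed at the very top of the protected script.
// isLoggedIn() is named in the answer; this body is an assumed implementation.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().
declare(strict_types=1);

const IDLE_LIMIT_SECONDS = 900; // assumed idle timeout

function startHardenedSession(): void
{
    // Must run before session_start() so the cookie carries these flags
    session_set_cookie_params([
        'httponly' => true,      // cookie not readable from JavaScript
        'secure'   => true,      // only sent over HTTPS
        'samesite' => 'Strict',  // not sent on cross-site requests
    ]);
    session_start();
}

function isLoggedIn(): bool
{
    // 'user_id' and 'last_seen' are hypothetical keys set by the login page
    if (empty($_SESSION['user_id']) || empty($_SESSION['last_seen'])) {
        return false;
    }
    if (time() - (int) $_SESSION['last_seen'] > IDLE_LIMIT_SECONDS) {
        // Expired: drop server-side state so the old session id is useless
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time(); // sliding expiry window
    return true;
}

startHardenedSession();

if (!isLoggedIn()) {
    // Refuse before any of the script's real work runs
    http_response_code(403);
    header('Cache-Control: no-store');
    exit('Forbidden');
}

// ... the script's actual work starts here, for authenticated users only ...
```

Because the check runs inside the script itself, it applies whether the request arrives under the script's real name or through a rewritten URI.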