Osa

Reputation: 1990

PHP use header() for a specific page

I'm trying to block viewing a JavaScript page (.js) if the user is not logged in. I want to do it from the index.php page by writing a 404 or 403 header. How is it done?
Note: I don't want to use chmod, since it changes the file permissions globally and not just for the visitor.

header("HTTP/1.0 404 Not Found", "js.js"); 

js.js is a false parameter, just a sample of how I want it, or something that does a similar thing.

Upvotes: 0

Views: 469

Answers (5)

Samy Dindane

Reputation: 18706

This doesn't answer the question, but what can be done is simply to not require the JS script if the user doesn't have the necessary rights. What you're trying to do is an overkill with no added value.

<?php if ($isUserLoggedIn): ?>
    <script src="js.js" type="text/javascript"></script>
<?php endif; ?>

Upvotes: 0

Kris

Reputation: 6122

You will need a separate script for this, such as:

file.php

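<?php
$file = $_GET['file'] ?? '';
// Whitelist of files that may be served
$filelist = array('js.js');
if (in_array($file, $filelist, true))
{
    // Do not let browsers or proxies keep a copy
    header('Cache-Control: no-store');
    header('Content-Disposition: inline; filename="' . $file . '"');
    // Send the file as-is; include would execute any PHP inside it
    readfile("../files/$file");
}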

To use it:

<script src="file.php?file=js.js"></script>

And put your files in a non-web-accessible location.

Upvotes: 2

gview

Reputation: 15371

People have suggested how you can do this. Here is one practical solution.

As mentioned, you write a script that does your session checking and redirects with a header() call to whatever error handling solution you want.

I would not advocate you call the script js.js.php. In general you don't want to allow files with somename.somename.ext due to intrinsic issues with Apache.

So instead, simply name your script js.js. However, the source for js.js should be PHP code that does the session check, and if ok, returns the JavaScript source, with the appropriate MIME type header.

Then in your .htaccess for the directory you can add a custom Files rule:

<Files js.js>
SetHandler application/x-httpd-php
</Files>

Apache will then treat js.js as a PHP file, even though this functionality is otherwise invisible.

Upvotes: 0

Sergey Eremin

Reputation: 11080

There is no secure way to do that except giving out *.js using a separate PHP script. In this script you would check the user's cookie/session data and then readfile() the JS you want to protect.

This is a really hacky way... Why do you need it?

Upvotes: 0
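
The gate script that gview's and Sergey Eremin's answers describe, as an added example (not code from any poster on this page). It assumes the login code stores `user_id` in the session and that the protected files sit in a `files` directory outside the web root; both names are hypothetical.

```php
<?php
// Added example: serve a protected JavaScript file only to logged-in users.
declare(strict_types=1);

// Assumption: protected files live outside the document root.
const PROTECTED_DIR = __DIR__ . '/../files';
// Whitelist: only these names can ever be served, so user input never builds a path freely.
const ALLOWED_FILES = ['js.js'];

// Send an error status with an empty, uncacheable body and stop.
function deny(int $status): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    exit;
}

session_start();

// Assumption: the login code sets $_SESSION['user_id'] on success.
if (empty($_SESSION['user_id'])) {
    deny(403);
}

// Reject array parameters (?file[]=x) and anything not on the whitelist.
$file = $_GET['file'] ?? '';
if (!is_string($file) || !in_array($file, ALLOWED_FILES, true)) {
    deny(404);
}

$path = PROTECTED_DIR . '/' . $file;
if (!is_file($path) || !is_readable($path)) {
    deny(404);
}

// Correct MIME type so the browser accepts it in a <script> tag;
// "private, no-store" keeps shared caches from serving it to logged-out users.
header('Content-Type: application/javascript; charset=utf-8');
header('Cache-Control: private, no-store');
header('X-Content-Type-Options: nosniff');

// readfile() streams the bytes unchanged; include would execute any PHP in the file.
readfile($path);
```

The session check runs on every request for the script, so a logged-out visitor who requests it directly gets the 403 the question asks for.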

DrinkJavaCodeJava

Reputation: 808

You could create your own 404 page and use the include function for it in the part of the file you want it.

Upvotes: -1
