
Is it possible to restrict all server requests to one PHP script?


For the moment, assume that I have access to my own server so I can write whatever index.html file I want. Is it possible to only allow myself to call one single PHP script on the server? For example, if I have the following scripts in the /var/www/ directory:

divideByZero.php
socialSecurityNumber.php
blowUpAlderaan.php
lindsayLohan.php
login.php

and I want it so that I can do

<form action="login.php" method="post">...</form>

but not

<form action="blowUpAlderaan.php" method="post">...</form>

Note: this is not specific to POST; it could be GET or XMLHttpRequest.

The reason I need this is that I am setting up a website where the clients store their index.html page and PHP scripts on their own Unix account (on the server). To allow them to execute their PHP scripts with their own permissions, I am using suPHP. I am trying to avoid the situation where user1 issues the following from within their index.html page

<form action="user2/blowUpAlderaan.php" method="post">...</form>

and they execute someone else's function. If all requests went through login.php, I could check the user's account name/user id and make sure to only invoke their script if they are indeed the owner of that script.


Solution

  • Various solutions, depending on what exactly you need.

    You could use mod_rewrite to send all requests through a front-end controller. Most CMS systems and frameworks work that way.

    You could enable PHP only for specific directories.

    I'm not really sure what you want; it sounds as if person A should be allowed to execute a given script, and person B shouldn't. In that case, you first need to figure out how your web server knows who is who.
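
A sketch of the front-controller approach with the ownership check the question asks for, as an added example that is not part of the original question or answer. It assumes client files live under /var/www/<account>/, that an earlier login step stored the authenticated account name in `$_SESSION['account']` (a hypothetical key), and that the rewrite rules shown in the comment are in place.

```php
<?php
// Added example, not from the original post. Assumed .htaccess in /var/www
// (taken here to be the document root) sending every .php request to login.php:
//   RewriteEngine On
//   RewriteCond %{REQUEST_URI} !^/login\.php$
//   RewriteRule \.php$ login.php [L]

const WEB_ROOT = '/var/www';   // directory named in the question

// Returns the canonical path of the requested script if it lies inside
// $account's directory and is owned by that Unix account, otherwise null.
function resolveOwnedScript(string $account, string $urlPath, string $webRoot = WEB_ROOT): ?string
{
    $relative = ltrim(rawurldecode($urlPath), '/');
    // Assumed account-name format; also rejects "..", "/" and NUL bytes.
    if (!preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $account) || strpos($relative, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks before the comparison.
    $base = realpath($webRoot . '/' . $account);
    $path = realpath($webRoot . '/' . $relative);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The trailing slash stops "user1" from matching "user10/...".
    if (strpos($path, $base . '/') !== 0 || substr($path, -4) !== '.php') {
        return null;
    }
    $uid   = fileowner($path);
    $owner = $uid === false ? false : posix_getpwuid($uid);
    return ($owner !== false && $owner['name'] === $account) ? $path : null;
}

session_start();
// Assumption: the login step stored the authenticated account name here.
$account = (string) ($_SESSION['account'] ?? '');
// REQUEST_URI still holds the originally requested path after the rewrite.
$urlPath = (string) parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
$target  = resolveOwnedScript($account, $urlPath);

if ($target === null) {
    http_response_code(403);
    exit('Forbidden');
}
// require runs the script inside this process, so under suPHP it executes with
// the identity of login.php's owner, not with the script owner's identity.
require $target;
```

With this in place, a request from user1's session for user2/blowUpAlderaan.php resolves outside /var/www/user1/ and receives a 403.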