How to restrict access to a PHP file?

Question

I\'d like to restrict access to a PHP file on my server. This PHP file takes data from an HTTP GET request and appends it to a file. Simple. But I don\'t want this PHP fi

Answer 1

Firstly you would need to implement ssl into your app else someone with little knowledge could simply have there phone connected on there wifi and sniff the traffic between the app and your site with wireshark or cain and abel ect. and get the url and any parameters passed, no need to disassemble anything.

App connects to your site and user logs in, whether its a guest or a member your server assigns the app a request id and this key/token is passed along with every request & validated within a session on your server.

The token would look like: UNIQUE_REQUEST_ID_ASSIGNED_BY_SERVER:APPsIP:APPsTIME Encrypt this string and send it as a $_GET['token']

Then on your server decrypt the string and explode() the string into its parts and check against a database or session that the request id,ip and the time match ect, if all is good do which ever.

Much like a secure login system assign a unique salt for each user and store that along side the users request id.

The bottom line is, just make it hard for an abuser to abuse the system. 99% of people wont even think to fiddle and the other 1% get there ips blocked.