What if everytime you were going to redirect you saved a value in the $_SESSION variable. So you have

如果每次您要重定向时都在 $_SESSION 变量中保存了一个值，该怎么办。所以你有了

//code
$_SESSION['fromMain'] = "true";
header("Location: noaccess.php");

Then in noaccess.php put

然后在 noaccess.php 中放入

if($_SESSION['fromMain'] == "false"){
   //send them back
   header("Location: foo.php");
}
else{
   //reset the variable
   $_SESSION['fromMain'] = "false";
}

I really don't know if this would work or not, but this is what I would try off the top of my head.

我真的不知道这是否可行，但这是我最想尝试的。

try this

尝试这个

if (!isset($_SERVER['HTTP_REFERER'])){

   echo "uh?"; }

else {

   // The script
 }  

I think you're probably coming at the problem from the wrong direction, but if you really want to implement this I'd most likely do it with a session variable. Just have main.phpset a flag indicating that they're now able to access noaccess.phpand then redirect there. noaccess.phpchecks for the flag, and only functions if it's been set.

我认为您可能是从错误的方向来解决问题的，但是如果您真的想实现这一点，我很可能会使用session variable 来实现。刚刚main.php设置了一个标志，表明他们现在可以访问noaccess.php然后重定向到那里。noaccess.php检查标志，并且只有在设置时才起作用。

I know this has already been answered. Although the answers are good, I was just facing the same situation so I thought I would put my two bit in.

我知道这已经得到了回答。虽然答案很好，但我只是面临同样的情况，所以我想我会投入我的两个部分。

I would not use HTTP_REFERER It is not reliable and not every browser even shows it.

我不会使用 HTTP_REFERER 它不可靠，并不是每个浏览器都显示它。

I would not use a session variable as that is stateful and you will have to write more lines of code to check it on every request leading to unnecessary bloat.

我不会使用会话变量，因为它是有状态的，您将不得不编写更多的代码行来检查每个导致不必要膨胀的请求。

Ideally I would create a controller class with two functions main and no access

理想情况下，我会创建一个控制器类，其中包含两个函数 main 和 no access

Or If you dont want to go through that trouble, I would create a variable which is globally accessible in noccess.php with a simple true false.

或者，如果您不想遇到那个麻烦，我会在 noccess.php 中创建一个可全局访问的变量，并带有一个简单的 true false。

This is what I would do:

这就是我会做的：

class Access{

    protected $access = false;

    public function main(){
        //Authenticate and set
        include_once 'main.php';
        $this->access = true;
    }

    public function no access(){
        if($this->access === true){
            include_once 'no access'.php;
        }else{
            header('location: main.php');
        }
    }
}

Or if you dont want to go through that trouble You could create a simple function or set a simple variable which is accessible from noaccess.php:

或者，如果您不想遇到麻烦，您可以创建一个简单的函数或设置一个可从 noaccess.php 访问的简单变量：

//main.php
$access = false;

header('location: noaccess.php');

//noaccess.php
include 'main.php';
if($access){
    //Continue
}else{
    header('location: main.php');
}

Im sure you could simplify this, but this would be the simplest and safest approach rather than relying on server variables. I would not use a $_SESSION or $_POST as that means unnecessarily posting a form when all you want to do is secure access

我相信你可以简化这个，但这将是最简单和最安全的方法，而不是依赖服务器变量。我不会使用 $_SESSION 或 $_POST ，因为这意味着当您只想安全访问时不必要地发布表单

To prevent access to pages, the best practice is to use session variables say $_SESSION['username']and $_SESSION['password']to check against your database table record assuming your table name is "users", the fields 'username'and 'password'in order for users to gain access to the page, else they are redirected to the log in page for them to supply the correct username and password through the input field.

为了防止访问页面，最佳做法是使用会话变量 say$_SESSION['username']并$_SESSION['password']检查您的数据库表记录，假设您的表名是"users"，字段'username'和'password'以便用户获得访问页面，否则他们将被重定向到登录页面，以便他们通过输入字段提供正确的用户名和密码。

Below is an anatomy of Preventing Direct Access to a PHP Page.

下面是防止直接访问 PHP 页面的剖析。

session_start();

$username=$_POST['username'];
$password=$_POST['password'];

$query="select * from users where username='$_SESSION[username]' and     password='$_SESSION[password]'";

$result=mysql_query($query);

if($result)
{

echo "Your login was successful..";// the page you want to go to if login successful
{
else
{

header("Location:index.php?action=login");//any page you want to return to if log in failed
}

You tried on this Iva. Below is the code that works:

你试过这个 Iva。下面是有效的代码：

$url != 'your-url-which-you-do-not-what-direct access';

if ($_SERVER['HTTP_REFERER'] == $url) {
  header('Location: otherurl.php'); //redirect to some other page
  exit();
}

Ensure this appears at the top of the page where you do not want direct access to.

确保它出现在您不想直接访问的页面顶部。

You can use $_SERVER["HTTP_REFERER"]. Put the following code in the beginning of your php file and set $url to be equal of your desired url for example http://a.com/main.php

您可以使用 $_SERVER["HTTP_REFERER"]。将以下代码放在 php 文件的开头，并将 $url 设置为等于您想要的 url，例如http://a.com/main.php

if ($_SERVER['HTTP_REFERER'] != $url) {
    header('Location: noaccess.php');
    exit();
}

Why not to just includeinstead of redirect?

为什么不只是include而不是重定向？

The other folks are right there are issues with $_SERVER["HTTP_REFERER"] so I guess the best way will be to have a variable set into a $_SESSION or $_POST and you will need to check if that variable exists, if not it means it is a direct access.

其他人是对的， $_SERVER["HTTP_REFERER"] 存在问题，所以我想最好的方法是将变量设置为 $_SESSION 或 $_POST，您需要检查该变量是否存在，如果不存在意味着它是直接访问。