Stop a user directly accesing a page

I have a page called create.php. It receives post variables and sets up accounts. I don't开发者_运维技巧 want that page to be accessible by a user. What's the conventional way of achieving this?

I think I remember reading something about including a page with a CONSTANT. If the CONSTANT is not present the page has been accessed directly. I think Wordpress also do it.

Place the the script in a directory other than your server's root, then include it.

If this page receives POST variables, why do you want it to not be accessible by a user?

Anyway, the usual way to ensure that is the following:

<?php
// index.php
define('IN_SCRIPT', true);

require_once('lib/create.php');

?>

<?php
// create.php
defined('IN_SCRIPT') or die('This page cannot be accessed directly.');

// your logic here

?>