How do you make your PHP able to read a file ....

vboyz

How do you make your PHP able to read a "file" on the website but won't allow other people to read or use the "file" ?

wil

You can move the ifle outside the web root. Then set the path to the file in your fopen call. PHP will open file from anywhere on the comuter.

bricca

You're going to have to set up an authentication process that requires a login and password before displaying the file. One users with correct user/id combos gain access.

vboyz

The problem is I can't put it outside the webfolder becuase it's not my server and I don't want to set an authentication becuase I need a script to access to that file. In that file, there a password that I need to get so I can access the database.

LordShryku

Leaving the file inside you webroot is going to allow anyone who knows where it is to type it in the browser and display it. ESPECIALLY without an authentication. I can't think of any way around this.

You may want to try to control it with a session variable. Find where you want to register the session, and set the

if(!session_is_registered("VARIABLE")) {
echo "Go Away";
}
else {
display the file
}

vboyz

Is there to use the .htaccess to make my script able to access the file but require user to log in?

xblue

specifying deny from all in a .htaccess file works fine for me, and it doesn't hinder php scripts to read the files, only disallows direct access.

DoD

I keep database passwords in the php script using it.

I set it as a variable, connect, then clear the variable.

LordShryku

I use htaccess also. Should work great.

juschillinnow

.htaccess should work. but if you don't want to use that then...

you said that you don't want to use an authentication because the script needs to access the file. Why don't you have a "web browser" authentication and configure your script to authenticate itself to access the file? seems easy enought to me.

vboyz

so, how would you use the .htaccess w/ my script, can I have a little example, I tried once, but I think I was writing something wrong.

mogster

Erm...
is it a file used for connecting to db, with dbuser/dbpass?
If it is, just save it in your webfolder with ending .php (or what the server uses for parsing php).
If you don't actually echo the password, anyone accidentally 😉 running the script would see nothing but a blank page.

It's not bulletproof, but very common.
But you should probably kick your provider a bit for not providing the public_html as a subdir of your main directory.

😃

knutm