You can move the ifle outside the web root. Then set the path to the file in your fopen call. PHP will open file from anywhere on the comuter.

You're going to have to set up an authentication process that requires a login and password before displaying the file. One users with correct user/id combos gain access.

The problem is I can't put it outside the webfolder becuase it's not my server and I don't want to set an authentication becuase I need a script to access to that file. In that file, there a password that I need to get so I can access the database.

Leaving the file inside you webroot is going to allow anyone who knows where it is to type it in the browser and display it. ESPECIALLY without an authentication. I can't think of any way around this.

You may want to try to control it with a session variable. Find where you want to register the session, and set the

if(!session_is_registered("VARIABLE")) {
echo "Go Away";
}
else {
display the file
}

Is there to use the .htaccess to make my script able to access the file but require user to log in?

specifying deny from all in a .htaccess file works fine for me, and it doesn't hinder php scripts to read the files, only disallows direct access.

I keep database passwords in the php script using it.

I set it as a variable, connect, then clear the variable.

I use htaccess also. Should work great.

.htaccess should work. but if you don't want to use that then...

you said that you don't want to use an authentication because the script needs to access the file. Why don't you have a "web browser" authentication and configure your script to authenticate itself to access the file? seems easy enought to me.

so, how would you use the .htaccess w/ my script, can I have a little example, I tried once, but I think I was writing something wrong.