Deny Direct access to a file..

kikki

Hi guys,
I wonder if there is a any good way to deny direct access to a php file?
If you guys know any good solutions, pls share with me, thanks.

frost110

chmod the file to 000 for no one to access it.

--FrosT

bpat1434

You can do the same in apache with a .htaccess file:

<FilesMatch "^\.ht">
  Order allow,deny
  Deny from All
</FilesMatch>

So, if you wanted to deny access to "membership.xls" ( a members list in excel ):

<FilesMatch "^members.xls">
  Order allow,deny
  Deny from all
</FilesMatch>

kikki

thanks for the replies guys, I want to be able to access myself with php only, which means.. using require/include I want the same file to be function normally, I jst don't want others to open the file directly like: foobar.php..

chmod 000, means file can't be used by anyone, not even by myself(php/apache).. 🙂

bpat1434, are u sure PHP can bypass the .htaccess.. means can php still read that file(foobar.php) without accessing directly?

frost110

chmod 660

disallow public.

--FrosT

kikki

frost110 wrote:
chmod 660

disallow public.

--FrosT

thanks, but can php still read the foobar.php file using require/include?

it seems php cannot read that file after setting up chmod 660, it gives: failed to open stream: Permission denied in Unknown on line 0

bpat1434

depends upon who owns it....

I'd say, since you want to view it through php (and not just be able to see it), your best bet is a permissions system... but I can't say much more than that.

kitchin

file.php:
define('LETMEIN',1);
require('file2.php');
...

file2.php:
if (!defined('LETMEIN')) { exit; }
...

But .htaccess would work too, and also chmod depending on ownership & server settings.

samudasu

If you want to stop people from running a page directly from a url like: http://www.example.com/foobar.php, here is one solution.

Example directory structure where all of your pages are below htdocs - /usr/local/apache/htdocs/

Make a new directory above htdocs: /usr/local/apache/incfiles/
Put files you want use with include, require, etc in that directory.
If /usr/local/apache/htdocs/index.php requires an include file then you would write include'../incfiles/foobar.php'; in the code of index.php.
Anything file under incfiles directory will be impossible to run from a url but you'll be able to open them with require, include, etc.

kikki

Thanks for the replies guys, nice ideas.. I will try one by one and let you guys know.. thankyou.

I think keeping the file away from htdoc seems cool.. let me try.. 🙂

defining is nice too, but I wonder if this will work without including the file2(like session?).. jst thought abt it.