I have a couple of files (Ex: config, header/footer) which I am using as includes throughout my website. However; I want to restrict viewing of these files. I want them only to be able to be used as includes within my website. No direct url viewing or access. I am guessing I need to do this through PHP or should I use the htaccess parameters on my server? Also; is it possible to use PHP to check whether the refering url to a page originated from my own server?
Thanks in advanced.
Your best bet is to move them outside the public_html folder.
Other than that, block them with an htaccess file (assuming your under linux). You can try this for example, http://www.cs.cmu.edu/~help/web_publishing/restrict_web_access.html
http://uk.php.net/manual/en/reserved.variables.server.php look at HTTP_REFERER
While I'd first recommend the things dougal85 suggested, if they are not practical for some reason, you could start out your include files with:
<?php if(realpath(__FILE__) == realpath($_SERVER['SCRIPT_FILENAME'])) { die('Not allowed'); }
Thanks for the replies. NogDog: May I ask what exactly does that code do? Thanks
It checks to see if the full path of the current file being processed (which will be the include file when within an included file) is the same as the main file that was initially called by the HTTP request. The realpath() functions are used to ensure that the same file pathnames do not look different due to different path separators or use of symbolic links.
