Preventing direct access to php files
Here is an example of my file structure.
/index.php
/inc
/inc/file1.php
/inc/fi开发者_开发知识库le2.php
/inc/file3.php
/search.php
index.php includes() file1.php, file2.php, and file3.php. And I want them to be accessible by index.php only.
What's the most elegant solution available?
Thanks
Get them outside the document root:
/documentroot/index.php
/inc/file1.php
/inc/file2.php
/inc/file3.php
So, there is no direct access to them whatsoever.
In index.php you can define a constant like this:
define('RESTRICTED',1);
Then in your other pages you put this after <?php
if(!defined('RESTRICTED'))exit('No direct script access allowed!');
When the other pages are accessed directly the code above sees that RESTRICTED has not been set, hence it will exit.
make a .htaccess file and put it in the inc folder
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files *.php>
order allow,deny
deny from all
</Files>
or put this at top of file you want to denie
if(strrchr($_SERVER['PHP_SELF'],'/')=='/file_name.php'){die;} // not good for ajax include
精彩评论