File can be executed only using includes
I would like to know if this it's fine.
I need to block web access to file and make it only avaible from other php (ie: include)
if(strstr($_SERVER['PHP_SELF'], "filename.php")){
header('Location: http://www.website.net');
开发者_Go百科}
thanks in advance
The most common way is to define a constant in a parent script
define('BLA', true);
and check in your script if it exists:
if (!defined('BLA')) {
// redirect here
}
This is fine, but you can make it a little more generic by using this instead of manually entering the filename. $_SERVER["SCRIPT_NAME"]
will return the name of the file. This way, if you rename or copy the file, it's still protected.
You can also set file permissions to make the file inaccessible, and put it outside of the siteroot for good measure.
@zerkms also has an interesting suggestion.
精彩评论