How can I add one line into all php files' beginning?

So, ok. I have many php files and one index.php file. All files can't work without index.php file, because I include them in index.php. For example. if somebody click Contact us the URL will become smth like index.php?id=contact and I use $_GET['id'] to include contacts.php file. But, if somebody find the file's path, for example /system/files/contacts.php I don't want that that file would be executed. So, I figured out that I can add before including any files in index.php line like this $check_hacker = 1 and use if in ev开发者_如何转开发ery files beginning like this if($check_hacker <> 1) die();. So, how can I do it without opening all files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is other way to do disable watching separate file? Any ideas?

Thank you.

You could put your index.php alone in your web directory. And put all the files it includes in another non web directory.

Let's say you website http://www.example.com/index.php is in fact /path/to/your/home/www/index.php, you can put contact.php in /path/to/your/home/includes/contact.php. No .htaccess, rewrite, auto appending. Just a good file structure and a server configured like needed.

Edit to detail my comment about using xamp :

In your httpd.conf file, add something like this :

<Directory "/path/to/your/site/root">
    Options Indexes FollowSymLinks
    AllowOverride all
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>


<VirtualHost *:80>
    DocumentRoot /path/to/your/site/root
    ServerName www.example.org
</VirtualHost>

Then in your windows hosts file (in C:\Windows\System32\drivers\etc), add this line :

127.0.0.1   www.example.com

I would highly recommend to use the .htaccess file to rejects all requests for files diffrent to index.php but I am not quite sure how to do that propperly.

This might work (can't test it now) but it will also block requests to css, js and so on:

order deny,allow
<FilesMatch "\.php">
    deny from all
</FilesMatch>
<FilesMatch "(index.php)">
    allow from all
</FilesMatch>

If someone knows the right solution, please edit my answer. You might check this question: Deny direct access to all .php files except index.php

So you might have a FilesMatch only for php files in addition to the index.php rule.

EDIT: The new version of the code seems to work.

In response to Kau-Boy:

Place all your php files (except index.php) in a new directory and put the .htaccess file with the following contents:

deny from all

Make sure you don't put any images/css/jscript resources in this directory, because they will be blocked as well.

I'd use mod_rewrite in this case (if you are using Apache). It's much cleaner solution than writing gazillions of useless ifs in PHP.

This way, if someone wanted to "hack it" and tried /system/files/contacts.php, it'd redirect them to index.php?id=contact or whatever other site.

In your php.ini or in you htaccess set the following variable:

auto_prepend_file="[path to some .php file]"

This will include a header file of your choice that will be included before all php scripts on the system.

The php.ini directive auto_append_file, will create a footer that is included at the end of all PHP files on the system.

Check out the technique at http://www.electrictoolbox.com/php-automatically-append-prepend/

RewriteCond %{REQUEST_URI} system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]

Will redirect any attempt to system folder back to root!