保护php文件不被直接访问
[英]Protect php files from direct access
问题描述
This is what the map of my website looks like: 
这就是我网站的地图:
root:
-index.php
-\actions\ (various php files inside and a .htaccess)
- \includes\ (various php files inside and a .htaccess)
- .htaccess
I know that if I use "deny from all" in actions and includes directories, the files in them will be secured from direct access. 我知道如果我在动作中使用“拒绝所有人”并包含目录,那么其中的文件将受到直接访问的保护。
Now, my actions folder has many php files that are called by index.php (forms). 现在,我的actions文件夹有许多由index.php (窗体)调用的php文件。 I have "deny from all" in .htaccess inside \\actions , but then I have the forbiden access to that files. 我在\\actions中的.htaccess “拒绝了所有人”,但后来我对该文件进行了forbiden访问。
So, how can I protect the files from direct url access but have the exception that can be called from index.php ? 那么,如何保护文件免受直接url访问,但是有可以从index.php调用的异常?
2 个解决方案
解决方案1
6 已采纳 2013-06-25 18:38:22
The easiest way is to place a constant in the index.php and check in the other php files if this constant exists. 最简单的方法是在index.php中放置一个常量,并检查其他php文件是否存在此常量。 If not, let the script die. 如果没有,让脚本死掉。
index.php 的index.php
define('APP', true);
various.php various.php
if(!defined('APP')) die();
解决方案2
1 2013-06-25 18:40:31
If you want to block using .htaccess then most likely the best way of adding the exception is to add it to the same .htaccess file. 如果你想阻止使用.htaccess那么添加异常的最好方法就是将它添加到同一个.htaccess文件中。 If you want to prevent PHP script from working (but not from being "visible"), then simply look for certain condition (like session variable, constant) at the begining of your scripts. 如果你想阻止PHP脚本工作(但不是“可见”),那么只需在脚本开头查找某些条件(如会话变量,常量)。 Unless these scripts are invoked "the right way", these requirement will not be ment, so it'd be safe to just die() then 除非这些脚本以“正确的方式”调用,否则这些要求将无法实现,因此只有die()才能安全
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.