Restrict direct access to .php files through browser and allow only index.php to access them
Question
I have a script on my website allowing users to edit/create their account. I want to restrict direct access to the files through browser (ex.www.mydomain.com/cp/page/login.php or www.mydomain.com/cp/home.php) and allow only index.php to access these files. I tried with .htaccess but index.php cant access them. Also i can't move them out of public_html folder. Its not include folder. How i can achive that? Please let me now if you need something else.
2 answers
solution1
5 2013-11-08 19:27:30
One way of doing that is by using include or require calls from PHP:
include '/path/to/script.php';
include is handled by PHP on server side hence Apache blocks will not impact this.
Then you can keep your existing <Files> directives to block access to .php file:
<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
solution2
2 2013-11-08 17:21:55
One common way in PHP is to define something in index.php and check for it in the others:
//index.php
define('INDEX', true);
if(isset($_GET['page'])) {
if($_GET['page'] == 'home') {
include('cp/home.php');
}
}
//home.php
if(!defined('INDEX') { die(); }
//more code
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.