Making a file accessible to scripts but not users

Question

I have uploaded scripts to users servers. I don't want others to access this script through the browser, However, I want a script to be able to access it.

Placing the file outside of the public_html is not an option here,because it really needs to be in the public_html. Any ideas??? thanks.

Answer 1

Put some variable before the include so you know where it is being called:

index.php:

$open = true;
include 'open.php';

open.php:

<?php
   if(isset($open) && $open){
      //do what it is supposed to do 
   }
   else {
      header("HTTP/1.1 403 Forbidden");
      exit;
   }
?>

Answer 2

If by scripts you mean server-side, you can add a .htaccess file in the folder concerned:

deny from all

If however by script you mean client-side, then ultimately you can't.

Answer 3

You could make the path accessible only to authenticated clients and provide the credentials only to your script.

If it's to be accessed through the browser, then users and scripts are both "clients" and you cannot differentiate between them (except using flimsy tricks like user agent sniffing etc.)

Answer 4

Making a file accessible to users or sripts is pretty much synonymous. You're not going to get one without the other. Users can always mimic scripts.

Answer 5

The included php file that you want to keep away from users can be placed outside your DOCUMENT_ROOT and still be included in your other scripts.

That way included php file can never be accessed by your web users. In fact that is a good secured way of storing your database connection credentials.

Answer 6

The best way to do it is to put it outside of the public_html directory. There should be no reason that is HAS to be in the public_html directory if only your script is going to access it.