2

I have a script on my website allowing users to edit/create their account. I want to restrict direct access to the files through browser (ex.www.mydomain.com/cp/page/login.php or www.mydomain.com/cp/home.php) and allow only index.php to access these files. I tried with .htaccess but index.php cant access them. Also i can't move them out of public_html folder. Its not include folder. How i can achive that? Please let me now if you need something else.

Improve this question
5
  • can you post your existing .htaccess code? using it is the correct way Commented Nov 8, 2013 at 17:08
  • So what URL would a user navigate to in order to do actions such as login? Can you show your htaccess? Commented Nov 8, 2013 at 17:10
  • the url is www.mydomain.com/CP/index.php <Files *.php> Order Deny,Allow Deny from all Allow from 127.0.0.1 </Files> <Files index.php> Order Allow,Deny Allow from all </Files> Commented Nov 8, 2013 at 17:11
  • By "allow only index.php to access them" do you mean allow the actual script to read them from the file system? Or do you mean the page that's loaded on the browser's end which links to other php URLs and is thus referred to by the index.php file? Commented Nov 8, 2013 at 17:29
  • To allow the script to read them from the file system Commented Nov 8, 2013 at 17:34

2 Answers 2

Reset to default
5

One way of doing that is by using include or require calls from PHP:

include '/path/to/script.php';

include is handled by PHP on server side hence Apache blocks will not impact this.

Then you can keep your existing <Files> directives to block access to .php file:

<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>

<Files index.php>
Order Allow,Deny
Allow from all
</Files>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Last seen 5 months ago. Doubt you're getting a green tick :(
2

One common way in PHP is to define something in index.php and check for it in the others:

//index.php
define('INDEX', true);

if(isset($_GET['page'])) {
    if($_GET['page'] == 'home') {
        include('cp/home.php');
    }
}


//home.php
if(!defined('INDEX') { die(); }
//more code
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.