Geek Answers Handbook

Make php files hidden from the outside world

There are several php files on my php website, some of them are for the user interface, and some of them are auxiliary files (files that exchange data through the database and with each other to return the result). Now I need the user to not be able to execute auxiliary files from his direct URL.

eg mydomain.com/login.php ---------- (Interface file, must be accessible to user) mydomain.com/login_handle.php ----(Healper file, must not be accessible to user)

So, I need the user to be able to execute and view mydomain.com/login.php, but not to execute mydomain.com/login_handle.php, and login.php and handle_login.php are in communication and can talk to each other. Thanks,

Edit: Sorry, but I'm using shared hosting, and there is no folder other than public_html .

+6
source share
2 answers

The first things I would try:

  • Move incoming files outside the document root

  • Move the incoming files to another folder and protect them using .htaccess . Also, rename your include files to end with .inc and create a rule based on this.

  • Make sure that the included files do not display anything; it is not very safe, but if your file contains only functions, class definitions, etc. without any output, it will simply show a blank page.

The hacker approach for this can be performed using constants:

index.php

 <?php define('MY_CONSTANT', '123'); include('helper.php');

helper.php

 <?php if (!defined('MY_CONSTANT')) { exit; } // we were called from another file // proceed

Edit

Approach number 2 on top can be done as follows:

  • Create a folder under public_html , for example. includes/

  • Move all files that should only be included in this folder

  • Add the following .htaccess inside:

     <FilesMatch "\.php$"> Order allow, deny Deny from all </FilesMatch>
+4
source

Try using .htaccess.

Instead of 127.0.0.1 of this ip, you need to put your server IP address.

 <Files login_handle.php> Order Allow,Deny Deny from all Allow from 127.0.0.1 </Files>
+1
source

More articles:


All Articles