Preventing direct access to php files

Question

Here is an example of my file structure.

/index.php
/inc
/inc/file1.php
/inc/file2.php
/inc/file3.php
/search.php

index.php includes() file1.php, file2.php, and file3.php. And I want them to be accessible by index.php only.

What's the most elegant solution available?

Thanks

Wrikken · Accepted Answer · 2011-08-03 17:37:07Z

7

Get them outside the document root:

/documentroot/index.php
/inc/file1.php
/inc/file2.php
/inc/file3.php

So, there is no direct access to them whatsoever.

answered Aug 3, 2011 at 17:37

Wrikken

70.2k8 gold badges98 silver badges136 bronze badges

1

If apache, and .htaccess is allowed, then put an .htaccess file in /inc with the lines: Order allow,deny & Deny from all.
– Wrikken
Commented Aug 3, 2011 at 17:46

Add a comment |

Jeune · Accepted Answer · 2011-08-03 17:47:25Z

2

In index.php you can define a constant like this:

define('RESTRICTED',1);

Then in your other pages you put this after <?php

if(!defined('RESTRICTED'))exit('No direct script access allowed!');

When the other pages are accessed directly the code above sees that RESTRICTED has not been set, hence it will exit.

answered Aug 3, 2011 at 17:47

Jeune

3,5385 gold badges44 silver badges54 bronze badges

Add a comment |

amigura · Accepted Answer · 2011-08-03 18:12:40Z

1

make a .htaccess file and put it in the inc folder

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files *.php>
order allow,deny
deny from all
</Files>

or put this at top of file you want to denie

if(strrchr($_SERVER['PHP_SELF'],'/')=='/file_name.php'){die;} // not good for ajax include

answered Aug 3, 2011 at 18:12

amigura

1395 bronze badges

Add a comment |

3 Answers 3