I have a script on my website allowing users to edit/create their account. I want to restrict direct access to the files through browser (ex.www.mydomain.com/cp/page/login.php or www.mydomain.com/cp/home.php) and allow only index.php to access these files. I tried with .htaccess but index.php cant access them. Also i can't move them out of public_html folder. Its not include folder. How i can achive that? Please let me now if you need something else.
2 Answers
One way of doing that is by using include or require calls from PHP:
include '/path/to/script.php';
include is handled by PHP on server side hence Apache blocks will not impact this.
Then you can keep your existing <Files> directives to block access to .php file:
<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
-
1
One common way in PHP is to define something in index.php and check for it in the others:
//index.php
define('INDEX', true);
if(isset($_GET['page'])) {
if($_GET['page'] == 'home') {
include('cp/home.php');
}
}
//home.php
if(!defined('INDEX') { die(); }
//more code
answered Nov 8, 2013 at 17:21
<Files *.php> Order Deny,Allow Deny from all Allow from 127.0.0.1 </Files> <Files index.php> Order Allow,Deny Allow from all </Files>