Make php files hidden from outside world
Solution 1
The first things I would attempt:
Move the included files outside of the document root
Move the included files inside another folder and protect it using
.htaccess. Alternatively, rename your include files to end with.incand create a rule based on that.Make sure the included files don't output anything; this is not really secure, but if your file only contains functions, class definitions, etc. without producing any output, it would just show an empty page.
The hackish approach for this can be accomplished by using constants:
index.php
<?php
define('MY_CONSTANT', '123');
include('helper.php');
helper.php
<?php
if (!defined('MY_CONSTANT')) { exit; }
// we were called from another file
// proceed
Edit
The number 2 approach from above can be done by:
Create a folder underneath
public_html, e.g.includes/Move all the files that should be included only into this folder
Add the following
.htaccessinside:<FilesMatch "\.php$"> Order allow, deny Deny from all </FilesMatch>
Solution 2
Try to use .htaccess.
Instead of 127.0.0.1 this ip, you need to put your server ip address.
<Files login_handle.php>
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
Abhishek Bhardwaj
Updated on June 09, 2022Comments
-
Abhishek Bhardwaj almost 2 years
My php website have multiple php files , some of them are for user interface and some of them are helper files(the files, which communicates through database and each other to return a result). Now I need that user can't execute the helper files from their direct url's.
e.g. mydomain.com/login.php ---------- (Interface file, must be accessible to user) mydomain.com/login_handle.php ----(Healper file, must not be accessible to user)So I need is user can execute and browse mydomain.com/login.php but must ot be able to execute mydomain.com/login_handle.php, while login.php and handle_login.php keep communicate and can access each other. Thanks,
Edit: Sorry but I'm using shared hosting and there is no folder other than public_html.