Skip to main content

How to prevent people from accessing the include files directly on the browser in php

PHP Script to prevent people from accessing the include files directly on the browser

If a single file has to be included then here is the sample code

index.php  where the file is to be included
___________

//define a constant "CALL_FROM_MAIN" in the main file
    define('CALL_FROM_MAIN', TRUE);
    include('folder/footer.inc.php');


and the footer file (for example) looks this way then

footer.inc.php ( the file to be inluded )
___________

// in the include file code check whether the constant "CALL_FROM_MAIN"  is set

    defined('CALL_FROM_MAIN') or die('file not found');
    echo('My Blog is www.crozoom.com');


So when someone tries to access the footer.php file directly then will get the "file not found" messages written on the screen. An alternative option is to redirect the person who wants to access the file directly to a 404 error page or any other location, so instead of the above code you would have to write the following in the footer.inc.php file.

    defined('CALL_FROM_MAIN') or header('Location: http://www.your website.com');
    echo('My Blog is www.crozoom.com');


Error 404 redirection

Adding a 404 header will not give the user any clue that the include-file even exists !!!

You can also prevent the access of include file by using .htaccess file

<files \.inc$="" ~="">
Order allow,deny
Deny from all
Satisfy All
</files>
Labels:

Popular posts from this blog

Strange problem occured while trying to create a CSV file using PHP Script - The file is not seen on FTP but can download using file's absolute path url

Strange problem occured while trying to create a CSV file - The file is not seen on FTP but can download using file's absolute path url Last day I came across a strange problem when I tried to create a csv file on therver using a PHP script. the script was simply writing a given content as a csv file. The file will be created runtime. What happened was, The script executed fine, file handler for new file was created and contents was wrote into the file using fwrite and it returned the number of bytes that was written.
Post a Comment
Read more

How to get the Query string of a URL using the Javascript (JS)?

JS function get the Query string of a URL or value of each parameter using the Javascript(JS)? If you want to get your current page's url var my_url=document.location; to get the query string part of the url use like this: var my_qry_str= location.search; this will return the part of the url starting from "?" following by query string Lets assume that your current page url is http://www.crozoom.com/2013/page.html?qry1=A&qry2=B then the location.search function will return " ?qry1=A&qry2=B " to exclue "?", do like this:
Read more


Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »
Member
Search This Blog