0

Silly question, but I'm stuck. After a month, I want to go live with my project and thought: preventing page visitors from accessing files that are not created for direct user access - CHMOD will do this in seconds for you...

The situation: this is the tree of my root folder:

```
/index.php
/content/home.php
/content/page2.php
```

It's kind of a template system. Index.php is the wrapper, and home.php or page2.php are files with the page content. Common situation, I thought. So I used FileZilla to change the file permissions of the folder "content" and all subfolders and files to Owner permission "read, write, execute = yes" and Group and Public to none.

But if I try to access www.mypage.com/content/home.php the access is given.

I thought CHMOD restricts access via the browser (public permission) and only gives index.php the right to access the files and include them within index.php.

halfer
Brill
  • It'd be better to store those files outside of the document root, and then clients _definitely_ can't access them, even if you accidentally reset folder permissions. – halfer Sep 06 '13 at 20:24
  • Read this in another post. But I can't access the pre root level, cause I'm on a shared server. – Brill Sep 06 '13 at 20:36
  • You can still do that on most shared servers afaik - your doc root is in "public_html" or similar, but you should have access to one level above that. Failing that, you can always deny access using an ".htaccess" file in your "content" folder. – halfer Sep 06 '13 at 20:47
  • No, I'm hosting on 1und1.de, a German hoster. I think it's known as 1and1.com in the US. Can't go above the root folder. But thank you for your answer. I think I'll use the .htaccess. Is there a way to output a 404 with htaccess? – Brill Sep 06 '13 at 20:56
  • Yep, [see here](http://stackoverflow.com/questions/2447106/redirect-to-apache-built-in-404-page-with-mod-rewrite). – halfer Sep 06 '13 at 20:57

1 Answer

1

You're over-thinking it.

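```php
<?php
// index.php (the wrapper): define a marker constant before including any content file
define('VERSION', '0.1');

// content/home.php: first statement of the file; stop if it was not included by index.php
if (!defined('VERSION')) return;
```

Add that check to all your pages, tada.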

OneOfOne
  • Thank you. This one works. But I have template graphics and pdf files that have to be stored somewhere. It's not the end of the world if someone gets access to these files. But I really thought CHMOD is the solution. Maybe .htaccess is a solution. Can I output an error 404 via htaccess for "hidden" folders? – Brill Sep 06 '13 at 20:28
  • You can or just put them somewhere else and access them through a php script. – OneOfOne Sep 06 '13 at 22:10
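
The `.htaccess` route raised in the comments, written out as an added example that is not from any of the posts above. It assumes an Apache host that honours `.htaccess` overrides in the "content" folder and has mod_rewrite enabled; the file name and location (`content/.htaccess`) are part of that assumption.

```apache
# content/.htaccess  (added example; assumes Apache with AllowOverride
# permitting these directives on the shared host)

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Any direct HTTP request for a .php file in this folder (or below it)
    # is answered with the server's built-in 404 page.
    # include/require inside index.php reads the file from disk and never
    # goes through Apache, so the wrapper keeps working.
    # Graphics and PDFs stored here stay reachable because only .php matches.
    RewriteRule \.php$ - [R=404,L,NC]
</IfModule>

# Fallback when mod_rewrite is not loaded: refuse the request outright.
# This yields 403 Forbidden instead of 404.
<IfModule !mod_rewrite.c>
    <IfModule mod_authz_core.c>
        # Apache 2.4 access control
        <FilesMatch "\.php$">
            Require all denied
        </FilesMatch>
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 access control
        <FilesMatch "\.php$">
            Order allow,deny
            Deny from all
        </FilesMatch>
    </IfModule>
</IfModule>
```

This works where the chmod change did not because the rule is applied by the web server per request, while file permissions only decide whether the server's own user can read the file from disk.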