0

I have this newly created web page with a Index that loads with require the different parts of my web, depending on where you are located (home, contact, about, etc). My problem is that if a user types in the URL /contact.php this "module" will load up and give errors and I don't want that to happen. Can I block the access to all this small modules (contact.php, about.php, etc) and only be able to load them from index.php ? Is there anyway I can do that without touching the .htaccess file? Or would you recommend me editing this file too and block user access to them only to have an added layer of security? Can I still have access to the files from my index.php if I block them in .htaccess ?

Thanks.

user3529213
  • 73
  • 1
  • 8
  • You coded it bad. It shouldn't matter if they go directely to the url – Daan May 16 '14 at 13:05
  • 1
    Take a look at this question. The solution proposed there might help. http://stackoverflow.com/questions/409496/prevent-direct-access-to-a-php-include-file – hanleyhansen May 16 '14 at 13:07
  • You can place that file outside the public domain and use an absolute path to that file, which is one option. – Funk Forty Niner May 16 '14 at 13:08
  • @hanleyhansen I found a good solution on that link that uses a constant and I will use that since it seems to be easy and very secure. Thanks! – user3529213 May 16 '14 at 13:11

2 Answers2

4

Try below functionality:

In your index.php file put below code at top before inclusion of other files:

define('_ANYUNIQUESTRING',"1");

In all other files, put below code at top:

defined('_ANYUNIQUESTRING') or die('Restricted access');

Hope this helps

Rahul Kaushik
  • 1,454
  • 8
  • 16
2

You can store these pages outside out the public_html folder so that only the server can access them.

If your public files are here

/home/user/public_html

Store the pages here

/home/user/pages

Then use the full path to require them.

Thomas
  • 195
  • 11
  • I used something similar, I placed them in `../public_html/modules` and inside placed a `.htaccess` file with the code `Deny from all` and it works perfect. Thanks. – user3529213 May 16 '14 at 13:18