Secure a php page from accessing it

Question

I have an index.php page and I'm using

<?php include("default.php"); ?>

to get contents from default.php. Now i want that if someone directly opens default.php it becomes unaccessable or redirect it back to index.php page. How can i do it ?

Answer 1

If you don't want something accessed by the user, don't put it in public_html. The hint is in the name, it's public.

Instead, save such files outside the document root. You might, for example, have:

- /public_html
|  - index.php
|
- /files
   - default.php

From here, index.php can call:

include("../files/default.php");

But no user will ever be able to directly access default.php.

Answer 2

@NiettheDarkAbsol's answer is the best one, but sometimes putting files outside of the public_html directory isn't an option. In this case you can add a check at the top of each file to make sure that it's opened by a valid file, not accessed directly. I do this by setting a constant at the top of files that can be accessed using define('IN_SITE', true, true); and then add the following to all pages not allowed to be accessed directly:

if ( ! defined('IN_SITE') )
    die('No direct access allowed!');

Answer 3

Add above code in file which file you will include in other file. this code in default.php

<?php
if(!defined('MyConst')) {
   die('Direct access not permitted');
}
?>

And below code in file in which above file your including this code in index.php file

<?php
define('MyConst', TRUE);
?>

And other way you can achieve with the help of .htaccess add your all file in folder name include and in .htaccess

Deny from all

i hope this will helps you