1

I am somehow a noobie in PHP and I want to learn. I am making a proyect, in which I use require('parts/header.php') statements to include functions and templates. My pages look like this:

<?php include('core/checklogin.php'); //This will check if the user is logged in and can see this page or not include('parts/top.php'); //This loads the <head> tags and the header, including the navbar ?> <section id="mainArea"> <h1>Hello <?php echo getUserNickname()?></h1> <p>Some stuff</p> </section> <?php include('parts/bottom.php'); //This loads the <head> tags and the header, including the navbar ?>

The problem is if someone enters myproyect.com/parts/top.php he would see the top part, and that file is going to be executed. I don't want that. I was thinking doing some stuff in a .htaccess file like:

 #.htaccess inside parts directory dont_serve_anything_inside_this_directory_and_return_forbidden();

But I don't know how without affecting the server side code. Another alternative is to use the equivalent of if __name__ == 'main': of python, and do like:

 //parts/top.php if(__name__ == 'main'){ header('Location: /index.php'); exit(); }

What could I do?

Improve this question
2
  • 1
    move top.php outside the web root, then there is no access via the web-server Commented Jun 30, 2015 at 22:33
  • Your answer is a good solution, thank you. :D Commented Jun 30, 2015 at 22:41

1 Answer 1

Reset to default
0

You need to create file .htaccess inside your so-called protected from the outside direct access folder and put the following content there:

Deny from all

This will prevent users from being able to access your files using http://example.com/parts/bottom.php

Just add .htacccess to parts folder.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.