I have an index.php page and I'm using
<?php include("default.php"); ?> to get contents from default.php. Now i want that if someone directly opens default.php it becomes unaccessable or redirect it back to index.php page. How can i do it ?
3 Answers
If you don't want something accessed by the user, don't put it in public_html. The hint is in the name, it's public.
Instead, save such files outside the document root. You might, for example, have:
- /public_html | - index.php | - /files - default.php From here, index.php can call:
include("../files/default.php"); But no user will ever be able to directly access default.php.
answered May 10, 2016 at 13:19
Niet the Dark Absol
326k86 gold badges480 silver badges604 bronze badges
Comments
@NiettheDarkAbsol's answer is the best one, but sometimes putting files outside of the public_html directory isn't an option. In this case you can add a check at the top of each file to make sure that it's opened by a valid file, not accessed directly. I do this by setting a constant at the top of files that can be accessed using define('IN_SITE', true, true); and then add the following to all pages not allowed to be accessed directly:
if ( ! defined('IN_SITE') ) die('No direct access allowed!'); 
Comments
Add above code in file which file you will include in other file. this code in default.php
<?php if(!defined('MyConst')) { die('Direct access not permitted'); } ?> And below code in file in which above file your including this code in index.php file
<?php define('MyConst', TRUE); ?> And other way you can achieve with the help of .htaccess add your all file in folder name include and in .htaccess
Deny from all i hope this will helps you
define('IN_APP', true)and in your sub files useif (!defined('IN_APP')) die();. The annoying thing doing this and not just removing the files from public view is that you have to do this in every file you don't want accessed.