Sign In
Register
Help
Thanks.
Page 1 of 1
Prevent Direct Access
Rate Topic:
#1
Invision User 
- IPB Full Member
-
- Group: Members
- Posts: 177
- Joined: 17-December 05
Posted 27 December 2005 - 07:18 PM
Is there a way to make a directory hosted on a server unaccessible but still let it be included in other PHP files?
Thanks.
Thanks.
MultiQuote
#2
Sebastian Mares
- Needs Hobby
-
- Group: Members
- Posts: 4,439
- Joined: 27-May 03
- Location:Bad Herrenalb, Germany
Posted 27 December 2005 - 07:27 PM
Wouldn't it work with a .htaccess file that denies access to all? AFAIK, PHP reads the files from disk and won't interefere with Apache.
There are 10 types of people in this world: those who understand binary, and those who don't.
#3
Invision User
- IPB Full Member
-
- Group: Members
- Posts: 177
- Joined: 17-December 05
Posted 27 December 2005 - 07:33 PM
Okay, .htaccess is fine. How would I go about using that though please?
*.htaccess confuses me*
*.htaccess confuses me*
#4
Sebastian Mares
- Needs Hobby
-
- Group: Members
- Posts: 4,439
- Joined: 27-May 03
- Location:Bad Herrenalb, Germany
Posted 27 December 2005 - 07:40 PM
Simply create a file called ".htaccess" and write the following inside it:
Store the file inside the directory you want to protect.
Order Deny,Allow Deny from all
Store the file inside the directory you want to protect.
There are 10 types of people in this world: those who understand binary, and those who don't.
#5
Invision User
- IPB Full Member
-
- Group: Members
- Posts: 177
- Joined: 17-December 05
Posted 27 December 2005 - 07:42 PM
Thank you very much. 
It doesn't seem to work. o__o
It doesn't seem to work. o__o
#6
Sebastian Mares
- Needs Hobby
-
- Group: Members
- Posts: 4,439
- Joined: 27-May 03
- Location:Bad Herrenalb, Germany
Posted 27 December 2005 - 08:03 PM
Do you even have Apache running as web server? And are .htaccess files parsed by your Apache?
There are 10 types of people in this world: those who understand binary, and those who don't.
#7
Invision User
- IPB Full Member
-
- Group: Members
- Posts: 177
- Joined: 17-December 05
Posted 27 December 2005 - 08:07 PM
I do have an Apache server, yes.
#8
Brendon Koz
- Needs Hobby
-
- Group: Members
- Posts: 4,741
- Joined: 06-September 03
- Location:Saratoga Springs, NY, USA
Posted 27 December 2005 - 09:42 PM
You can place the folders/files BELOW your web root directory. I am doing this right now.
So, for instance, on my test machine...
C:\Apache\htdocs\*.*
The *.* are all files that are accessible, htdocs is my web root.
C:\Apache\php_secure\*.*
In this case I can still access the files one folder below (../ <-- relative url or path) but no one can view the files.
So, for instance, on my test machine...
C:\Apache\htdocs\*.*
The *.* are all files that are accessible, htdocs is my web root.
C:\Apache\php_secure\*.*
In this case I can still access the files one folder below (../ <-- relative url or path) but no one can view the files.
mysiteonline.org™
They say, "Practice makes perfect," yet they also say, "Nobody's perfect"... I don't get it.
#9
Michael P
- PCA
-
- Group: +Active Customers
- Posts: 2,222
- Joined: 15-February 05
- Location:Newcastle, UK.
Posted 27 December 2005 - 10:51 PM
Matt Pullen, on Dec 27 2005, 07:18 PM, said:
Is there a way to make a directory hosted on a server unaccessible but still let it be included in other PHP files?
Thanks.
Thanks.
This may not be what your looking for exactly, but I use it, and its used in IPB.
In your scripts that will use the files in the protected directory, define a variable e.g. ScriptName, then in each script you will include in another folder, get the script to check the variable is defined, if its included the variable is defined, otherwise its not and you can get it to report an error message or even redirect to an access denied page.
Michael Peacock - Web Developer ( Corporate Blog | Personal Blog | Twitter )
learnr - phase 1 launched.
Newcastle Web Design and Development - Peacock Carter
My Books: Drupal 6 Social Networking preorder now | Selling Online with Drupal e-Commerce | Building Websites with TYPO3
learnr - phase 1 launched.
Newcastle Web Design and Development - Peacock Carter
My Books: Drupal 6 Social Networking preorder now | Selling Online with Drupal e-Commerce | Building Websites with TYPO3
#10
_
- Needs Serious Help
-
- Group: Members
- Posts: 1,655
- Joined: 09-December 03
Posted 27 December 2005 - 11:13 PM
I'd do what malikyte says; I place all my core files in /home/veracon, then the executor and static files in /home/veracon/public_html...
(colours are based on your IP address and almost* unique)
(* meaning that two bytes are left unused, and there's always the chance of a collision)
#11
Brendon Koz
- Needs Hobby
-
- Group: Members
- Posts: 4,741
- Joined: 06-September 03
- Location:Saratoga Springs, NY, USA
Posted 28 December 2005 - 01:35 AM
Without losing your password or host's security being bypassed, it's the most secure method of hiding your stuff.
I do basically the same thing on our production server (Unix OS) but figured a Windows OS example would be a bit more easily understood...
I do basically the same thing on our production server (Unix OS) but figured a Windows OS example would be a bit more easily understood...
mysiteonline.org™
They say, "Practice makes perfect," yet they also say, "Nobody's perfect"... I don't get it.
#12
Invision User
- IPB Full Member
-
- Group: Members
- Posts: 177
- Joined: 17-December 05
Posted 28 December 2005 - 07:58 AM
Okay! Thanks a bunch for that.
Page 1 of 1