ali_kiyani Posted December 17, 2008 Share Posted December 17, 2008 Hi, Let's say I have a page MAIN.PHP in which one file is being included as INCLUDES/FILE.PHP I want to prevent direct access to FILE.PHP so that no body can do like this: http://www.somewebsite.com/includes/file.php All users should only be able to access like this: http://www.somewebsite.com/main.php (and this main.php includes the other file.php file) Is there some $_SERVER variable available to check if the file being accessed is currently running inside some other file or not!? Or is there another way of doing it. Thanks Link to comment https://forums.phpfreaks.com/topic/137316-preventing-direct-access-to-include-file/ Share on other sites More sharing options...
genericnumber1 Posted December 17, 2008 Share Posted December 17, 2008 The easiest and most secure way is to put it in a directory outside of your htdocs directory. Other solutions would be to disallow direct access to the includes directory using .htaccess, or to set a constant and check in all included files if that constant is set. For instance: <?php define('INCLUDED_FILE', true); include('somefile.php'); ?> in somefile.php: <?php if(!defined('INCLUDED_FILE')) { die('You may not access this file directly'); } ?> Link to comment https://forums.phpfreaks.com/topic/137316-preventing-direct-access-to-include-file/#findComment-717482 Share on other sites More sharing options...
ali_kiyani Posted December 17, 2008 Author Share Posted December 17, 2008 Oh yes I already did it. This method is the simplest one works fine and I feel stupid of not thinking about it earlier. Thanks. Link to comment https://forums.phpfreaks.com/topic/137316-preventing-direct-access-to-include-file/#findComment-717487 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.