I am developing a site where all the user data is in a separate folder.
The idea is to not have to access the database with the user data. The account page will include the user data from the user that is logged in.
the problem however is that you can access all the user data by browsing to the right url
my folder setup is now
and under DocumentRoot I have
by browsing to mydomain.com/user_data/user_1/account_1.inc
the user data is displayed as a regular text file.
the same thing is true for the scripts folder.
by placing the user_data and scripts folder outside DocumentRoot acces is denied to the user_data and scripts folder but then php can not include the needed files.
Is there some way to let php access the files in the user_data and scripts folders but in such a way that you can not access the files from a browser ?
Edited by anatak, 11 May 2014 - 01:31 AM.