cooldude832 Posted October 4, 2007 Share Posted October 4, 2007 I am trying a new schematic for laying out my site so I can take it done and up very quickly by adjusting a single line. So each actual document that I want the players to view are <?php $page = "index"; $title = "Home Page"; require_once('constants.php'); require_once(SCRIPTS.'shell.php'); ?> That works great and the $page var sets what the name of the source code is for the content area and the shell file is the skeleton outline. Any way in the file of shell it has a line of <div id="content"> <?php require(SUB_FOLDER.$page.EXT);?> </div> I want to prevent people from directly accessing the files in the SUB_FOLDER location, as it is just raw source code that shouldn't be viewed outside the skeleton, also if the site is down I want to prevent people from getting around this and going into that folder and viewing the site/logging in. So my question comes down to this, should I put a bit of coding in the top of each source page that says <?php $page_url = BASE.SUB_FOLDER."page name".EXT; //this equals mydomain.com/subfolder/page_name.php if($_SERVER['self''] == $page_url){ exit(header("Location: mydomain.com")); } ?> Or can I do this with chmod/.htaccess to prevent direct access to this folder? Quote Link to comment Share on other sites More sharing options...
trq Posted October 4, 2007 Share Posted October 4, 2007 Use your .htaccess. order allow,deny deny from all Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 I know I'm int he wrong place, but I don't do a lot of .htacess any tips? Quote Link to comment Share on other sites More sharing options...
trq Posted October 4, 2007 Share Posted October 4, 2007 You could try the manual. Quote Link to comment Share on other sites More sharing options...
Barand Posted October 4, 2007 Share Posted October 4, 2007 or you could name your included files with .php extensions so they are processed but not readable. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 They are php documents, but they have output that falls outside the the php brackets so if its executed stuff is there. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 I tried Order Deny,Allow Deny from all In that subfolder which works too well as my php docs can now not include that folder I tried just Deny from all also no good. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 okay I removed all the rules and Now I can't get anything to be read in the folder. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 Do I need to restart apache to remove all these rules, but for some reason it went downstream (from the subfolder to the root) and I can't remove it now. Quote Link to comment Share on other sites More sharing options...
trq Posted October 4, 2007 Share Posted October 4, 2007 Sorry, I think you need to use.... Order Deny,Allow Deny From All Allow From 127.0.0.1 Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted October 4, 2007 Author Share Posted October 4, 2007 oh local host. I once saw a shirt that had a tin man in a house in a tornado saying there is no place like 127.0.0.1 and I understood it and I felt sad Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.