Stop people from viewing php files

[DylanD]

I have a bunch of php scripts that get information from a database then mark it up in XML.

 

I want to prevent random people from running these pages and being able to look at the XML.

 

How do you accomplish this while still allowing my flex app to see them?

 

Thanks in advance

Dylan

[phpSensei]

 

<?php

if($_SERVER['REMOTE_ADDR'] != "USER"){

die();

}
else

{

//echo

}
?>

[marcus]

Password protect the folder.

 

His IP can change.

[phpSensei]

True, just CHMOD it to whatever you want.

 

http://catcode.com/teachmod/

http://en.wikipedia.org/wiki/Chmod

[burtybob]

What about a basic form and code eg.

 

if($_REQUEST[pass]!=USERSCHOSENPW && $_REQUEST[user]!=USERSCHOSENUSER){

die();

}
else

{

//echo

}
?>
<html>
<form action="" method=post>
<input type=password name=pass>
<input type=text name=user>
<form>

BTW i did leave the textbox without any labels any purpose as it increses security a pinch as a person wont know which is which although i wouldnt recomend that on a client side login.

[cooldude832]

if you only need the data from a database, just make it be on demand and password protect the page some how

[otuatail]

Can't see how anyone can view the PHP part as the server only dishes up the HTML.

 

 

[revraz]

"I want to prevent random people from running these pages and being able to look at the XML."

 

He didnt say anything about viewing code.

[thebadbad]

Just stick those files one directory UP from the domain-root. http://www.phpfreaks.com/forums/index.php/topic,165195.0.html