Home  »     »     »  How to prevent people from accessing the include files directly on the browser in php

How to prevent people from accessing the include files directly on the browser in php

Monday, March 19, 2012

PHP Script to prevent people from accessing the include files directly on the browser

If a single file has to be included then here is the sample code

index.php  where the file is to be included
___________

//define a constant "CALL_FROM_MAIN" in the main file
    define('CALL_FROM_MAIN', TRUE);
    include('folder/footer.inc.php');


and the footer file (for example) looks this way then

footer.inc.php ( the file to be inluded )
___________

// in the include file code check whether the constant "CALL_FROM_MAIN"  is set

    defined('CALL_FROM_MAIN') or die('file not found');
    echo('My Blog is www.crozoom.com');


So when someone tries to access the footer.php file directly then will get the "file not found" messages written on the screen. An alternative option is to redirect the person who wants to access the file directly to a 404 error page or any other location, so instead of the above code you would have to write the following in the footer.inc.php file.

    defined('CALL_FROM_MAIN') or header('Location: http://www.your website.com');
    echo('My Blog is www.crozoom.com');


Error 404 redirection

Adding a 404 header will not give the user any clue that the include-file even exists !!!

You can also prevent the access of include file by using .htaccess file

<files \.inc$="" ~="">
Order allow,deny
Deny from all
Satisfy All
</files>



How to link to this page?
If you wish to link to this page from your website, simply Copy and paste the above HTML code to your web page. It will appear on your page as:
How to prevent people from accessing the include files directly on the browser in php.




Share this!




comments powered by Disqus

This Weeks 7 Popular Posts


Subscribe to Recent Posts by Email
Stay connected to CROZOOM with regular Email notices of new Techie articles and IT Jobs. Updates will be delivered to your Inbox as soon as they are posted online.

Enter Your Email Address:  

Delivered by FeedBurner   RSS Feed

Search this Blog   



Urgent Openings for PHP trainees, Andriod / IOS developers and PHP developers in Kochi Trivandrum Calicut and Bangalore. Please Send Your updated resumes to recruit.vo@gmail.com   Read more »