At the moment I do it like this:
In one file, let's call it file_one.php, I have
// ROOT is the directory that contains file_one.php
define( 'ROOT', realpath( dirname( __FILE__ ) ) );
require_once( ROOT . '/file_two.php' );
And in file_two.php I then have this at the top:
// Stop immediately unless file_one.php has defined ROOT
if ( ! defined( 'ROOT' ) )
    exit;
So the contents of file_two.php can only be accessed if ROOT is defined, which happens in file_one.php. If you try to access file_two.php directly it won't work. Is that right? Are there any flaws in this method?
Converting John Conde's comment to an answer:
The best way to ensure a file can't be accessed in a browser is by putting it outside the webroot.
You should have a folder named www or public_html or similar, that contains your website's files. Well, in the folder containing that, you can put an includes folder and have your script-access-only files in there. This way, they are completely inaccessible from the web, but the scripts can still get to them.
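The layout described in this answer, as an added example that is not part of the original answer or question. It assumes a constructed layout of /home/site/public_html and /home/site/includes with index.php at the top of the web root; is_outside_webroot() is a hypothetical helper, not a PHP built-in.

```php
<?php
declare(strict_types=1);

// public_html/index.php: the entry point, inside the web root.
// Assumed layout (constructed for this example):
//   /home/site/includes/file_two.php    not reachable by any URL
//   /home/site/public_html/index.php    this file

/**
 * True when $dir resolves to a location outside $webroot.
 * Hypothetical helper, not part of PHP or of the original post.
 */
function is_outside_webroot(string $dir, string $webroot): bool
{
    $dir = realpath($dir);
    $webroot = realpath($webroot);
    if ($dir === false || $webroot === false) {
        return false; // unresolvable path: treat as unsafe
    }
    // Compare with a trailing separator so that /srv/www-includes
    // is not mistaken for a child of /srv/www.
    $dir = rtrim($dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $webroot = rtrim($webroot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($dir, $webroot, strlen($webroot)) !== 0;
}

// Assumption: this file sits at the top of the web root.
$webroot  = __DIR__;                          // public_html
$includes = dirname(__DIR__) . '/includes';   // sibling of public_html

// Fail closed if a deployment ever moves includes/ under the web root.
if (!is_outside_webroot($includes, $webroot)) {
    http_response_code(500);
    exit('Misconfigured include directory');
}

// Kept from the question: file_two.php can still check this constant.
define('ROOT', realpath($includes));
require_once ROOT . '/file_two.php';
```

The `defined( 'ROOT' )` check from the question can stay at the top of file_two.php as a second layer in case the directory is ever served by mistake.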