
How can I add one line into all php files' beginning?

Tags: security, php

So, OK. I have many PHP files and one index.php file. None of the files can work without index.php, because I include them in index.php. For example, if somebody clicks Contact us, the URL will become something like index.php?id=contact and I use $_GET['id'] to include the contacts.php file. But if somebody finds the file's path, for example /system/files/contacts.php, I don't want that file to be executed. So I figured out that I can add a line like $check_hacker = 1 in index.php before including any files, and use an if at the beginning of every file, like this: if($check_hacker <> 1) die();. So, how can I do it without opening all the files and adding this line to each of them? Is it possible? Because I actually have many .php files. And maybe there is another way to disable viewing a separate file? Any ideas?
Thank you.

good_evening asked Nov 27 '22 03:11


2 Answers

You could put your index.php alone in your web directory, and put all the files it includes in another, non-web directory.

Let's say your website http://www.example.com/index.php is in fact /path/to/your/home/www/index.php; you can put contact.php in /path/to/your/home/includes/contact.php. No .htaccess, rewrite, auto appending. Just a good file structure and a server configured as needed.

Edit to detail my comment about using XAMPP:

In your httpd.conf file, add something like this:

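# Apache 2.2 access-control syntax; on 2.4 the equivalent of the
# Order/Deny/Allow lines below is "Require ip 127.0.0.1"
<Directory "/path/to/your/site/root">
    Options Indexes FollowSymLinks
    AllowOverride all
    # only requests from the local machine are allowed
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

<VirtualHost *:80>
    DocumentRoot /path/to/your/site/root
    # must match the name added to the hosts file
    ServerName www.example.com
</VirtualHost>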

Then in your Windows hosts file (in C:\Windows\System32\drivers\etc), add this line:

127.0.0.1   www.example.com
Arkh answered Dec 13 '22 08:12
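
The layout from the answer above, as an added example that is not part of the original answer: an index.php that is the only PHP file under the document root and loads its pages from the includes directory outside it. The page list, the home page and the resolve_page() helper are assumptions made for illustration; because the id value comes from the request, it is looked up in a fixed list rather than used to build a path.

```php
<?php
// /path/to/your/home/www/index.php (the only PHP file under the document root)
declare(strict_types=1);

// Included files live outside the web root, so no URL maps to them.
const INCLUDE_DIR = __DIR__ . '/../includes';

// Allowlist: public ?id= value => file name inside INCLUDE_DIR.
// 'contact' follows the page; 'home' is a hypothetical default page.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
];

/**
 * Returns the absolute path of the page to include, or null if the id
 * is not a known page. Hypothetical helper, not from the original post.
 */
function resolve_page($id): ?string
{
    // ?id[]=x arrives as an array; anything that is not a known key is rejected.
    if (!is_string($id) || !array_key_exists($id, PAGES)) {
        return null;
    }

    $base = realpath(INCLUDE_DIR);
    $path = realpath(INCLUDE_DIR . '/' . PAGES[$id]);

    // realpath() returns false for a missing file. The prefix check confirms
    // the resolved file is still inside the include directory (for example
    // when an entry is a symlink pointing somewhere else).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['id'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
require $page;
```

With this structure a request for /includes/contact.php has nothing to resolve to, so no per-file guard line is needed.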


I would highly recommend using the .htaccess file to reject all requests for files different from index.php, but I am not quite sure how to do that properly.

This might work (can't test it now) but it will also block requests to css, js and so on:

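# Apache 2.2 syntax (on 2.4 these directives need mod_access_compat)
order deny,allow
# deny every file whose name contains ".php"
<FilesMatch "\.php">
    deny from all
</FilesMatch>
# anchored and escaped so that only a file named exactly index.php is allowed
<FilesMatch "^index\.php$">
    allow from all
</FilesMatch>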

If someone knows the right solution, please edit my answer. You might check this question: Deny direct access to all .php files except index.php

So you might have a FilesMatch only for php files in addition to the index.php rule.

EDIT: The new version of the code seems to work.

4 revs answered Dec 13 '22 10:12