Posted by NC on 11/05/07 18:41

On Nov 1, 3:27 pm, Animesh K <animesh1...@gmail.com> wrote:
>
> I have a file abc.php which includes another file (which
> primarily has text) called text.php.
>
> Is there a way I can secure the text.php file without
> affecting the include_once('text.php') call in abc.php?
>
> By secure, I mean the outside user should not be able to
> find the file at all.

Not really... Apache must be able to serve abc.php, but not
text.php. This means that they must reside in different directories.
There are two options you can look into:

1. Move text.php outside the Web root, or
2. Move text.php into a subdirectory and prohibit access to
that directory from the Web by using an .htaccess file.

Alternatively, you may leave the files where they are, but put
something like this in the beginning of text.php:

if (strpos ($_SERVER['PHP_SELF'], 'abc.php') === false) {
die();
}

In other words, do not execute text.php, unless it is being included
into abc.php...

Cheers,
NC

[Back to original message]