The Note You're Voting On
djjokla AT gmail dot com ¶17 years ago
If a single file has to be included than I use the following
index.php ( where the file is gonna be included )
___________
<?php
define('thefooter', TRUE);
include('folder/footer.inc.php');
?>
and the footer file (for example) looks this way then
footer.inc.php ( the file to be inluded )
___________
<?php
defined('thefooter') or die('Not with me my friend');
echo('Copyright to me in the year 2000');
?>
So when someone tries to access the footer.php file directly he/she/it will get the "Not with me my friend" messages written on the screen. An alternative option is to redirect the person who wants to access the file directly to a different location, so instead of the above code you would have to write the following in the footer.inc.php file.
<?php
defined('thefooter') or header('Location: http://www.location.com');
echo('Copyright to me in the year 2000');
?>
In normal case a redirection to an external site would be annoying to the visitor, but since this visitor is more interested in hacking the site than in reading the content, I think it's only fair to create such an redirection. We dont' realy want someome like this on our sites.
For the file protection I use .htaccess in which I say to protect the file itself and every .inc file
<Files ~ "^.*\.([Hh][Tt]|[Ii][Nn][Cc])">
Order allow,deny
Deny from all
Satisfy All
</Files>
The .htaccess file should result an Error 403 if someone tries to access the files directly. If for some reason this shouldn't work, then the "Not with me my friend" text apears or a redirection (depending what is used)
In my eyes this looks o.k. and safe.
