Protecting PHP Files from Download?

karlectomy
Howdy,

I was wondering if there was a way to protect PHP include files from being downloaded from my host servers. Can this be done with permissions? Or do I need access to server-side options to prevent access to these files?


Any help would be greatly appreciated.
Sep 19 '07 #1
Not sure what you're doing in the first place that allows them to be downloaded -- mine all just get executed.

That said, if you want to deny running the script directly, you can add in a flag that proper scripts set before including the file and which is subsequently checked.

For example, let's say that you have the following index.php file:

    <?php
    $page_body = '<H1>Today Rocks!</H1>';

    // Flag checked by template.php: set only by scripts that are allowed to include it.
    $allow_file_includes = true;
    require_once('template.php');
    ?>

It includes template.php, which has a check at the beginning:

    <?php
    // isset() avoids an undefined-variable warning (and output before header())
    // when this file is requested directly and the flag was never set.
    if (!isset($allow_file_includes) || $allow_file_includes !== true) {
      header("Location: index.php");
      exit();
    }

    echo $page_body;
    ?>

If someone visits template.php directly, they'll be redirected to index.php.
Sep 20 '07 #2
Atli
5,058 Expert 4TB
Hi.

If you are using Apache as a web server, it is likely that you can use htaccess files to specify what files your clients can and can not use. This will not affect PHP includes, as they are done server-side.

Try adding a file called '.htaccess' to the folder that contains your include files and add the following as its contents. If htaccess is available, any request for a .php file should be denied.

    <Files *.php>
      Order allow,deny
      Deny from all
    </Files>

Sep 20 '07 #3
pbmods
5,821 Expert 4TB
Heya, Karlectomy.

If your server allows, try storing your include files outside your website root.
Sep 20 '07 #4
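
An added example (not part of the post above or of the original thread) of that layout: the include files sit in a directory beside the web root rather than inside it, and a script in the web root loads them by filesystem path. The directory names, the INCLUDE_DIR constant and the resolve_include() helper are assumptions made for illustration.

```php
<?php
// Added example. Assumed (hypothetical) layout on the host:
//   /home/account/private/includes/template.php   <- no URL maps to this
//   /home/account/public_html/index.php           <- web root, this file

// Directory holding the include files, one level above the web root.
define('INCLUDE_DIR', dirname(__DIR__) . '/private/includes');

/**
 * Resolve $name to a .php file inside $baseDir.
 * Returns null when the file does not exist or resolves outside $baseDir.
 */
function resolve_include(string $name, string $baseDir = INCLUDE_DIR): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                    // include directory is missing
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    if ($path === false) {
        return null;                    // no such file
    }
    // realpath() has already collapsed "../" segments and symlinks, so a
    // prefix comparison is enough to confirm the file is under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$page_body = '<h1>Today Rocks!</h1>';

$template = resolve_include('template');
if ($template === null) {
    http_response_code(500);
    exit('Template unavailable.');
}
require_once $template;                 // template.php echoes $page_body
```

Because the include directory has no URL, a direct request for template.php returns the server's normal 404 and no in-file guard flag is needed.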
Hey Thanks all for the suggestions,

I am using GoDaddy on a (pretty sure) shared server so I don't believe I have access to server settings.

I think I have what I need. I was thinking if I opened a page and saved it to my machine I would be able to view the code... well, I was wrong. I *hope* my connection strings and such are reasonably secure from prying eyes.

That access variable is a great idea to prevent direct execution. Thanks a lot. Now I have to go back to all my functions and include the access token variable :O. Oh well, better safe than sorry!

Thanks again
Sep 20 '07 #5
