QUOTE(noe0729 @ Mar 11 2005, 05:47 AM)
I am writing an admin program. The only file that is ever linked to is the index.php and everything else is included as needed. I want to hide all the extra files so that nobody can view them by typing the name in the url. The only file I want publicly viewable is index.php. Is it a good idea to move all my included files to a non-public folder? If so, where would the folder go?
It really does not matter to do this. As long as the code in those include scripts can't do anything when you execute them. Generally, your include scripts would have functions or classes inside them, not just raw code. If the include script is accessed by the browser for some reason, then nothing should happen because the class or functin wasn't executed.
If you really want to hide them, you can put them into a directory and then Password protect that directory via .htaccess. PHP doesn't care about the password protection because you're not using standard HTTP methods to access an included file.