Full Version: Hiding .inc.php files
I am writing an admin program. The only file that is ever linked to is the index.php and everything else is included as needed. I want to hide all the extra files so that nobody can view them by typing the name in the url. The only file I want publicly viewable is index.php. Is it a good idea to move all my included files to a non-public folder? If so, where would the folder go?
QUOTE(noe0729 @ Mar 11 2005, 05:47 AM)
I am writing an admin program. The only file that is ever linked to is the index.php and everything else is included as needed. I want to hide all the extra files so that nobody can view them by typing the name in the url. The only file I want publicly viewable is index.php. Is it a good idea to move all my included files to a non-public folder? If so, where would the folder go?
It really does not matter to do this. As long as the code in those include scripts can't do anything when you execute them. Generally, your include scripts would have functions or classes inside them, not just raw code. If the include script is accessed by the browser for some reason, then nothing should happen because the class or functin wasn't executed.
If you really want to hide them, you can put them into a directory and then Password protect that directory via .htaccess. PHP doesn't care about the password protection because you're not using standard HTTP methods to access an included file.
QUOTE(phpfreak @ Mar 11 2005, 08:24 AM)
It really does not matter to do this. As long as the code in those include scripts can't do anything when you execute them. Generally, your include scripts would have functions or classes inside them, not just raw code. If the include script is accessed by the browser for some reason, then nothing should happen because the class or functin wasn't executed.
If you really want to hide them, you can put them into a directory and then Password protect that directory via .htaccess. PHP doesn't care about the password protection because you're not using standard HTTP methods to access an included file.
If you really want to hide them, you can put them into a directory and then Password protect that directory via .htaccess. PHP doesn't care about the password protection because you're not using standard HTTP methods to access an included file.
How do I set up a password protected directory? Know any good tutorials?
QUOTE(noe0729 @ Mar 11 2005, 10:46 AM)
How do I set up a password protected directory? Know any good tutorials?
It's easy. go to cPanel and click on the Web Protect icon. I think that's what it's called!
QUOTE(noe0729 @ Mar 11 2005, 10:46 AM)
How do I set up a password protected directory? Know any good tutorials?
I'll do that as soon as I get out of this sand box to where I can access my Cpanel. I miss my computer.
QUOTE(noe0729 @ Mar 11 2005, 10:50 AM)
I'll do that as soon as I get out of this sand box to where I can access my Cpanel. I miss my computer.
Oh yeah....
Here try this online Wizard that I made: http://www.apachefreaks.com/apache-password-wizzard.php
QUOTE(phpfreak @ Mar 11 2005, 10:52 AM)
Oh yeah....
Here try this online Wizard that I made: http://www.apachefreaks.com/apache-password-wizzard.php
Here try this online Wizard that I made: http://www.apachefreaks.com/apache-password-wizzard.php
I ran through the tutorial and now have a protected directory but I am unable to log in and see the "Hello World" script I put there. I'm not sure what I did wrong.
Here's what I did:
I created this .htaccess file and put it in /www/includes
CODE
AuthType Basic
AuthName "Webmasters Access Only"
AuthUserFile /pass/.htpasswd
require valid-user
Then created this .htpasswd file and put it in /www/includes/pass
CODE
username:password
QUOTE(noe0729 @ Mar 11 2005, 11:43 AM)
I ran through the tutorial and now have a protected directory but I am unable to log in and see the "Hello World" script I put there. I'm not sure what I did wrong.
Here's what I did:
I created this .htaccess file and put it in /www/includes
AuthType Basic
AuthName "Webmasters Access Only"
AuthUserFile /pass/.htpasswd
require valid-user
Then created this .htpasswd file and put it in /www/includes/pass
username:password
Here's what I did:
I created this .htaccess file and put it in /www/includes
CODE
AuthType Basic
AuthName "Webmasters Access Only"
AuthUserFile /pass/.htpasswd
require valid-user
Then created this .htpasswd file and put it in /www/includes/pass
CODE
username:password
The AuthUserFile directive has to be the full path to the .htpasswd file.
QUOTE(phpfreak @ Mar 11 2005, 11:47 AM)
The AuthUserFile directive has to be the full path to the .htpasswd file.
I did that and now all it does is show me the .htpasswd file contents
CODE
username:cryptpass
QUOTE(noe0729 @ Mar 11 2005, 12:01 PM)
I did that and now all it does is show me the .htpasswd file contents
CODE
username:cryptpass
Copy and paste the .htaccess file again.
QUOTE(phpfreak @ Mar 11 2005, 12:15 PM)
Copy and paste the .htaccess file again.
I'm still getting the same thing.
I asked you to copy and paste the contents of your .htaccess file into a code block here so that I can see it.
Also, if you're getting the prompt over and over that means that Apache cannot read the .htpasswd file.
Also, if you're getting the prompt over and over that means that Apache cannot read the .htpasswd file.
QUOTE(phpfreak @ Mar 11 2005, 12:40 PM)
I asked you to copy and paste the contents of your .htaccess file into a code block here so that I can see it.
Also, if you're getting the prompt over and over that means that Apache cannot read the .htpasswd file.
Also, if you're getting the prompt over and over that means that Apache cannot read the .htpasswd file.
Sorry. I misunderstood you.
I'm not getting the prompt over and over though. It accepts the password and then shows me the contents of .htpasswd.
CODE
AuthType Basic
AuthName "Webmaster Access Only"
AuthUserFile /home2/dustecom/public_html/includes/.htpasswd
require valid-user
the server should not be doing that! It's not allowed to show the contents of '.' (dot) files.
Are you trying to access something besides that file?
Are you trying to access something besides that file?
QUOTE(phpfreak @ Mar 11 2005, 12:53 PM)
the server should not be doing that! It's not allowed to show the contents of '.' (dot) files.
Are you trying to access something besides that file?
Are you trying to access something besides that file?
All I have in there is a index.php file that echos "Hello World", .htaccess, and .htpasswd. It should be showing "Hello world", right?
QUOTE(noe0729 @ Mar 11 2005, 01:00 PM)
All I have in there is a index.php file that echos "Hello World", .htaccess, and .htpasswd. It should be showing "Hello world", right?
Hi, yes that's correct. It should only be showing the index.php
Please submit a ticket: https://www.Work the web.com/ticket.php and we'll have a look into it.
QUOTE(phpfreak @ Mar 11 2005, 01:01 PM)
Hi, yes that's correct. It should only be showing the index.php
Please submit a ticket: https://www.Work the web.com/ticket.php and we'll have a look into it.
Please submit a ticket: https://www.Work the web.com/ticket.php and we'll have a look into it.
I put the wrong domain on my e-mail address for the ticket I submitted. It needs to be @auab.centaf.af.mil with the same user name. Sorry.
QUOTE(noe0729 @ Mar 11 2005, 01:18 PM)
I put the wrong domain on my e-mail address for the ticket I submitted. It needs to be @auab.centaf.af.mil with the same user name. Sorry.
This has been handled via Support and the problem has been solved.
QUOTE(phpfreak @ Mar 11 2005, 05:50 PM)
This has been handled via Support and the problem has been solved.
I see that "it works fine" now. Thanks!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.