Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

IMPORTANT! Check the KNOWLEDGE BASE before posting! @ https://infinityfree.net/support/

Can our PHP files used by external hackers?

Hello,

I want to know if it's possible to use PHP include for accessing scripts hosted on your servers. I am a bit worried about hackers, and i've seen this http://www.htaccess-guide.com/preventing-access-to-your-php-includes-files/ bit it's not woring. Thabks for the reply.

Comments

  • edited April 2017

    Anything which is in the htdocs directory of a website can be accessed directly. It's up to the script developer to make sure that accessing those included files directly doesn't expose any sensitive information.

    A common way to do that is to define a constant in every file you want people to access directly, like so:

    define('IN_SITE', true);
    

    And in every included file, put the following at the start of the file:

    if (!defined('IN_SITE") || !IN_SITE){
        die('Forbidden');
    }
    

    That way, included files are only executed when they are included and are terminated immediately if accessed directly.

This discussion has been closed.