I want to check the key, like you make a request to “https://example.com/check_key.php?key=test_key”, and the file “check_key.php” opens the file “keys.txt”, and if the key that is passed through the parameters of the request are written to the file, then the client returns “True”, and if not, then “False”. The problem is that users can simply open the file at the path “https://example.com/keys.txt” and see the correct keys.
It is possible to deny access to the file for ordinary users, but this does not work, I can read the file even if I set the access settings so that only “owner” can read the file (I used vpn to check). As I understand it, “check_key.php” performs check on behalf of “owner”.
How can you make it so that the user cannot open the file in the browser, but php scripts can?