File access

Mr.Nom4ik · January 5, 2022, 1:55pm

I want to check the key, like you make a request to “https://example.com/check_key.php?key=test_key”, and the file “check_key.php” opens the file “keys.txt”, and if the key that is passed through the parameters of the request are written to the file, then the client returns “True”, and if not, then “False”. The problem is that users can simply open the file at the path “https://example.com/keys.txt” and see the correct keys.
It is possible to deny access to the file for ordinary users, but this does not work, I can read the file even if I set the access settings so that only “owner” can read the file (I used vpn to check). As I understand it, “check_key.php” performs check on behalf of “owner”.

How can you make it so that the user cannot open the file in the browser, but php scripts can?

Greenreader9 · January 5, 2022, 1:57pm

Make it into a PHP file, and save the keys as variables, or use a database.

Mr.Nom4ik · January 5, 2022, 2:10pm

The user can simply open the source code of the page, and look at which sql server the script is connected to to verify the key, and connect to it himself.

Greenreader9 · January 5, 2022, 2:19pm

Not if you are using PHP. Browsers cannon view PHP.

Mr.Nom4ik · January 5, 2022, 2:55pm

If the user tries to download the site folder via https://web2zip.ru, then open this archive, and see php files?

YT_Xaos · January 5, 2022, 5:06pm

I could guarantee that there are tutorials out in the web about this, and if not ask it on Stackoverflow.

Greenreader9 · January 5, 2022, 5:46pm

NO!

As I already said,

Admin · January 6, 2022, 12:50pm

Another option is to use .htaccess rules to block access to a file. You can block access to keys.txt using this code:

<Files "keys.txt">  
  Require all denied
</Files>

system · January 13, 2022, 12:50pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.