Reputation: 1363
PHP - How to read a private XML file?
I have a script on "domain 1" which performs a simplexml_load_file on an XML file on "domain 2" like so:
$url = 'domain2.com/file.xml';
$xml = simplexml_load_file($url);
$xmlEmail = $xml->xpath("//users/user/email");
$userEmail = implode(", ", (array) $xmlEmail);
However, this XML file contains private info about users. I don't want it to be directly accessible. Domain 2 will also be different according to the user so I can't filter by actual domains or IP's I'm afraid.
Is it possible to set permissions to make it non accessible to the public, but somehow still readable via the simplexml call? Any alternative methods perhaps?
Upvotes: 2
Views: 1468
Answers (2)
Reputation: 28454
Add following to your .htaccess file, that resides in the same folder as file.xml:
<Files file.xml>
Order Deny,Allow
Deny from all
Allow from domain2.com
</Files>
This will tell your web server to disable access to this file, except if request comes from domain2.com.
UPDATE:
According to what question owner told, this xml file will be accessed from different domains. In this case the only reasonable option I might think of is a password. galymzhan already provided the answer, but I will try extend his answer and to provide a working solution.
Add following to your .htaccess file, that resides in the same folder as file.xml:
.htaccess
<Files file.xml>
AuthType Basic
AuthName "Protected Access"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
</Files>
Please note, it's not required to have a shell access to the server. you can upload .htpasswd file via ftp, and change it's permissions so it will be not read/write by web server group.
More info about password protection, and some examples, can be found here.
Upvotes: 1
Reputation: 5523
Set HTTP basic authentication for your web-server on "domain 2". Change the url for XML file like this:
$url = 'http://my_username:[email protected]/file.xml';
$xml = simplexml_load_file($url);
Upvotes: 1