how to resitrict user from accessing a folder in php?

Question

I have searched it all around but couldn't find it all i want to know is i have a folder called temp like

->public_html

-->temp

now how do i restrict a user from accessing it from outside server like it gives an error when someone includes it in their php script? i want to do it through php not through .htaccess or apache i tried chmod but it restricts the whole website from the local server only. i have done the constant thing also but if someone knows the constant name then he can still extract the data.

Answer 1

You can't include a remote PHP file. If they have allow_furl_open and allow_url_include set to true and use include('http://yoursite/temp/yourfile.php'), then what gets included is the output of that PHP file. Not the PHP source itself.

So when you have a php file with the following contents:

<?php
    $password = "secret";
    echo "Test";
?>

And someone includes that file remotely, they'll only get "Test" back, which isn't valid PHP syntax. They won't be able to see the contents of the file, only what gets outputted. The file runs on the remote (or in this case your) server. Whoever includes it gets the output after execution on that server.

So you don't have to do anything like if (!isset(some_magical_constant)) die("Go away!"), that's just plain silly, but unfortunately I've seen it all over the web.

Answer 2

Put an empty "index.html" file inside your "temp" folder. This prevents user from seeing the contents of that folder. Which basically makes it impossible for users to work around it.

As for including it in a script, people have to know what files are in it to use it in a script.

Answer 3

htaccess, only way I know of... don't think it's possible with PHP

<Directory /public_html/temp>
  order allow,deny
  deny from all
</Directory>