Limiting php file to localhost only

Question

Is there some way to limit loading of a php file to localhost only?

I'm including some php files in my index.php file to stich together a webpage. Lets say I'm including main.php in my index.php file. Now there is nothing that can stop anyone from loading the main.php file and displaying its content. As the main.php file is made to be stiched into the index.php file it doesn't look good alone.

Is there some code I can put in the main.php file so it doesn't output anything if not included from a localhost php file?

Something like:

. . .

Answer 1

The easiest method I've found is to have use this method:

Index.php

<?php
     define('VIA_INDEX', true);
     ...

Main.php

<?php

    if (false === defined('VIA_INDEX')) {
        //throw exception, re-route back to index etc.. etc...
    }

If a user calls Main.php it won't have the constant VIA_INDEX defined and therefore will not execute

Answer 2

You can also define a constant/variable in your index.php and check for it in main.php. That's how Joomlas of the world do it also. So, DEFINE('MYVAR', 1); in index.php. Main.php would have

defined( 'MYVAR' ) or die( 'Direct Access to this location is not allowed.' );

Answer 3

You can try testing the variable of $_SERVER['REMOTE_ADDR'], but that may not return what you need if your client connects via the ethernet IP address opposed to "127.0.0.1"

Also you can try using some tricks with .htaccess, but you did put a PHP tag on this and that may not be what you want to do.

Answer 4

If you don't want something accessible remotely, then don't put it into your site's document root. PHP will happily include()/require() files from ANYWHERE on the file system, regardless of doc root settings.

Answer 5

Just check the REMOTE_ADDR:

if ($_SERVER['REMOTE_ADDR'] == '<you>')