-1

I´m using a lot of including while coding pages to keep the code a little bit more beutiful and avoid typing code multiple times.

example of index.php:

<?php 
include 'header.php';
?>

<p> random HTML </p> 

<?php
    include 'foo.php';
?>

The 'problem' now is that clients are able to navigate to www.page.de/foo.php and see this content. Is there a PHP-way to solve this without playing on .htaccess?

Script47
  • 14,230
  • 4
  • 45
  • 66
devNull
  • 13
  • 4

1 Answers1

3

Don't place php files you don't want users to see in the public/ directory.

Edited out mention of .htaccess since you edited that into your question specification

Shardj
  • 1,800
  • 2
  • 17
  • 43
  • It´s not that user should not see the file. he sees it anyway. things like "if logged in" is already taken into consideration, but still they can have a look at these pages... Lets say the include is the login formular: It is shown on frontpage anyway, but www.page.de/login.php shows just the formular without the rest of HTML + CSS design – devNull Dec 05 '18 at 16:55
  • 1
    Short but essentially correct; PHP **can** require/include files that are *not* within the document root but they **can't** be accessed directly over HTTP. – CD001 Dec 05 '18 at 16:59
  • I believe it is done through the [`include_path`](https://stackoverflow.com/questions/9345109/php-ini-include-path), if I remember correctly. – Script47 Dec 05 '18 at 17:01
  • so lets say I create a private folder (which is not includet into document root) and put foo.php into it and include it into my index.php file my Problem is solved? – devNull Dec 05 '18 at 17:02
  • Correct @devNull what we have in our flagship product is a public/ directory with an entrypoint file. All other php files (which we wrote) are kept in the application/ directory. Every good PHP framework does it this way or a similar way – Shardj Dec 05 '18 at 17:12