Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home > Backend Development > PHP Tutorial > How Can I Prevent Direct Access to Included PHP Files?

How Can I Prevent Direct Access to Included PHP Files?

DDD
Release: 2025-01-01 09:11:15
Original
366 people have browsed it

How Can I Prevent Direct Access to Included PHP Files?

Preventing Direct File Access in PHP

In the world of web development, it's essential to control access to sensitive files, especially those intended solely for inclusion within other scripts. A common issue arises when such files can be accessed directly through the URL, leading to potential security vulnerabilities.

To address this concern, PHP offers a straightforward solution that allows you to restrict direct access to included files. By implementing a simple conditional check, you can deter unauthorized attempts to execute those files directly.

To effectively implement this protection, follow these steps:

1. Check Referrer Source

Open the PHP file that you intend to use exclusively as an include. Add the following code to the beginning of the file:

if (!isset($_SERVER['HTTP_REFERER'])) {
    die('Direct access not permitted');
}

$current_url = $_SERVER['HTTP_REFERER'];
$allowed_url = 'https://example.com/page_that_includes_this_file.php';

if ($current_url != $allowed_url) {
    die('Direct access not permitted');
}
Copy after login

2. Define a Constant

In the PHP file that includes the protected file, add the following code at the beginning:

define('MY_CONSTANT', TRUE);
Copy after login

Explanation:

The first piece of code checks if the request came from the expected referring URL (in this case, the page that should include the file). If the referrer is not set or does not match the allowed URL, it generates an error message.

The next part of the code defines a constant named "MY_CONSTANT" in the include file. On the pages that include it, you define this constant to TRUE, ensuring that the page can access the file legitimately.

By implementing this mechanism, you can effectively prevent direct access to the include file, ensuring its integrity and preventing unauthorized execution.

The above is the detailed content of How Can I Prevent Direct Access to Included PHP Files?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Previous article:Understanding Autoloading in PHP: How to Implement and Use It Efficiently Next article:How to Get MySQL Column Names as a PHP Array?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2382
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2511
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
2131
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
2005
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
2081
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template