Hide a file on your server?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mettlehead
Forum Newbie
Posts: 15
Joined: Fri Oct 11, 2002 11:03 am
Location: Canada

Hide a file on your server?

Post by mettlehead »

I have a php file that people at my work can access by typing the path (i.e. http://www.mypage/mtphp.php) I don't want another person on the web to guess it and get it right. Is there a way so they can not access it or should the name of the file just be to complex to guess?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

via .htaccess you can limit access
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

You need a piece of code at the top of the script that acts as a gatekeeper that checks the credentials of the user.
mettlehead
Forum Newbie
Posts: 15
Joined: Fri Oct 11, 2002 11:03 am
Location: Canada

ok but

Post by mettlehead »

how do I do that , right now I tried this:

echo "<form name=\"Form\" action=\"enter()\" method=\"post\">\n";
echo "</textarea><br><br>\n";
echo "Password : <input type=\"text\" name=\"pass\" class=\"txtcolor\" value=\"$pass\"><br><br>\n";
echo "<input type=\"submit\" name=\"process\" value=\"Submit\" class=\"txtcolor\">\n";
echo "</form>\n";

And then I want to have a function called enter() which will check
if ($pass == "myPassword")
//do whatever

How do I call a php function from the action= on the form?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

read Sticky: Before Post Read: Frames, JavaScript, and PHP Overview

you're not calling a php-function from a form, you're requesting a new document that is generated by a php-script
User avatar
Heavy
Forum Contributor
Posts: 478
Joined: Sun Sep 22, 2002 7:36 am
Location: Viksjöfors, Hälsingland, Sweden
Contact:

Post by Heavy »

If you use Apache, you will be happy for this one :wink:
Your page becomes invisible :mrgreen:

Code: Select all

&lt;?
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");




if ($_GET&#1111;'user']!="TheRightUser" || $_GET&#1111;'pass']!="TheRightPassWord"){
?&gt;
&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"&gt;
&lt;html&gt;&lt;head&gt;
&lt;title&gt;404 Not Found&lt;/title&gt;
&lt;/head&gt;&lt;body&gt;
&lt;h1&gt;Not Found&lt;/h1&gt;
The requested URL &lt;?=$_SERVER&#1111;'PHP_SELF']?&gt; was not found on this server.&lt;p&gt;
&lt;hr&gt;
&lt;address&gt;&lt;?=$_SERVER&#1111;'SERVER_SIGNATURE']?&gt;&lt;/address&gt;
&lt;/body&gt;&lt;/html&gt;
&lt;?
exit;
}






?&gt;
&lt;HTML&gt;
&lt;HEAD&gt;
&lt;/HEAD&gt;
&lt;BODY&gt;

whatever content you wish to hide.

 &lt;br&gt;&lt;br&gt;&lt;br&gt;

To see this, the visitor has to add...&lt;br&gt;&lt;br&gt;

?user=TheRightUser&amp;pass=TheRightPassWord  &lt;br&gt;&lt;br&gt;

...to the URL, after the php file name.

// Dont include that &#1111;b]amp;&#1111;/b] in the URL. It is the forum system that adds that. It should only be an ampersand alone, without &#1111;b]amp;&#1111;/b].


&lt;/BODY&gt;
&lt;/HTML&gt;
CONFIQ
Forum Commoner
Posts: 32
Joined: Fri Oct 18, 2002 3:39 pm
Location: Israel - Raanana

Post by CONFIQ »

but... it's easer to use .htaccess and .htpassword as volka told ya...
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

hidding the file

Post by phpScott »

I agree that using .htaccess is probably the best way to go. I just tried something that might work as well if you don't want to provide passwords and the like.

If you are hosting on a unix machine put a period in front of the file name like
.somefile.php
which will cause the file to be hidden, and it shouldn't show up in a listing with 404 errors unless they are scanning for hidden files and besides who puts a period in front of a file name.

phpScott
slowly hidding from view.
Post Reply