Page 1 of 1
Hide a file on your server?
Posted: Fri Oct 18, 2002 10:01 am
by mettlehead
I have a php file that people at my work can access by typing the path (i.e.
http://www.mypage/mtphp.php) I don't want another person on the web to guess it and get it right. Is there a way so they can not access it or should the name of the file just be to complex to guess?
Posted: Fri Oct 18, 2002 10:23 am
by volka
via
.htaccess you can limit access
Posted: Fri Oct 18, 2002 12:15 pm
by hedge
You need a piece of code at the top of the script that acts as a gatekeeper that checks the credentials of the user.
ok but
Posted: Fri Oct 18, 2002 1:04 pm
by mettlehead
how do I do that , right now I tried this:
echo "<form name=\"Form\" action=\"enter()\" method=\"post\">\n";
echo "</textarea><br><br>\n";
echo "Password : <input type=\"text\" name=\"pass\" class=\"txtcolor\" value=\"$pass\"><br><br>\n";
echo "<input type=\"submit\" name=\"process\" value=\"Submit\" class=\"txtcolor\">\n";
echo "</form>\n";
And then I want to have a function called enter() which will check
if ($pass == "myPassword")
//do whatever
How do I call a php function from the action= on the form?
Posted: Fri Oct 18, 2002 1:31 pm
by volka
read
Sticky: Before Post Read: Frames, JavaScript, and PHP Overview
you're not calling a php-function from a form, you're requesting a new document that is generated by a php-script
Posted: Fri Oct 18, 2002 2:12 pm
by Heavy
If you use Apache, you will be happy for this one

Your page becomes invisible
Code: Select all
<?
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
if ($_GETї'user']!="TheRightUser" || $_GETї'pass']!="TheRightPassWord"){
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
The requested URL <?=$_SERVERї'PHP_SELF']?> was not found on this server.<p>
<hr>
<address><?=$_SERVERї'SERVER_SIGNATURE']?></address>
</body></html>
<?
exit;
}
?>
<HTML>
<HEAD>
</HEAD>
<BODY>
whatever content you wish to hide.
<br><br><br>
To see this, the visitor has to add...<br><br>
?user=TheRightUser&pass=TheRightPassWord <br><br>
...to the URL, after the php file name.
// Dont include that їb]amp;ї/b] in the URL. It is the forum system that adds that. It should only be an ampersand alone, without їb]amp;ї/b].
</BODY>
</HTML>
Posted: Fri Oct 18, 2002 4:00 pm
by CONFIQ
but... it's easer to use .htaccess and .htpassword as volka told ya...
hidding the file
Posted: Fri Oct 18, 2002 5:20 pm
by phpScott
I agree that using .htaccess is probably the best way to go. I just tried something that might work as well if you don't want to provide passwords and the like.
If you are hosting on a unix machine put a period in front of the file name like
.somefile.php
which will cause the file to be hidden, and it shouldn't show up in a listing with 404 errors unless they are scanning for hidden files and besides who puts a period in front of a file name.
phpScott
slowly hidding from view.