Page 1 of 1

Hide a file on your server?

Posted: Fri Oct 18, 2002 10:01 am
by mettlehead
I have a php file that people at my work can access by typing the path (i.e. http://www.mypage/mtphp.php) I don't want another person on the web to guess it and get it right. Is there a way so they can not access it or should the name of the file just be to complex to guess?

Posted: Fri Oct 18, 2002 10:23 am
by volka
via .htaccess you can limit access

Posted: Fri Oct 18, 2002 12:15 pm
by hedge
You need a piece of code at the top of the script that acts as a gatekeeper that checks the credentials of the user.

ok but

Posted: Fri Oct 18, 2002 1:04 pm
by mettlehead
how do I do that , right now I tried this:

echo "<form name=\"Form\" action=\"enter()\" method=\"post\">\n";
echo "</textarea><br><br>\n";
echo "Password : <input type=\"text\" name=\"pass\" class=\"txtcolor\" value=\"$pass\"><br><br>\n";
echo "<input type=\"submit\" name=\"process\" value=\"Submit\" class=\"txtcolor\">\n";
echo "</form>\n";

And then I want to have a function called enter() which will check
if ($pass == "myPassword")
//do whatever

How do I call a php function from the action= on the form?

Posted: Fri Oct 18, 2002 1:31 pm
by volka
read Sticky: Before Post Read: Frames, JavaScript, and PHP Overview

you're not calling a php-function from a form, you're requesting a new document that is generated by a php-script

Posted: Fri Oct 18, 2002 2:12 pm
by Heavy
If you use Apache, you will be happy for this one :wink:
Your page becomes invisible :mrgreen:

Code: Select all

&lt;?
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");




if ($_GET&#1111;'user']!="TheRightUser" || $_GET&#1111;'pass']!="TheRightPassWord"){
?&gt;
&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"&gt;
&lt;html&gt;&lt;head&gt;
&lt;title&gt;404 Not Found&lt;/title&gt;
&lt;/head&gt;&lt;body&gt;
&lt;h1&gt;Not Found&lt;/h1&gt;
The requested URL &lt;?=$_SERVER&#1111;'PHP_SELF']?&gt; was not found on this server.&lt;p&gt;
&lt;hr&gt;
&lt;address&gt;&lt;?=$_SERVER&#1111;'SERVER_SIGNATURE']?&gt;&lt;/address&gt;
&lt;/body&gt;&lt;/html&gt;
&lt;?
exit;
}






?&gt;
&lt;HTML&gt;
&lt;HEAD&gt;
&lt;/HEAD&gt;
&lt;BODY&gt;

whatever content you wish to hide.

 &lt;br&gt;&lt;br&gt;&lt;br&gt;

To see this, the visitor has to add...&lt;br&gt;&lt;br&gt;

?user=TheRightUser&amp;pass=TheRightPassWord  &lt;br&gt;&lt;br&gt;

...to the URL, after the php file name.

// Dont include that &#1111;b]amp;&#1111;/b] in the URL. It is the forum system that adds that. It should only be an ampersand alone, without &#1111;b]amp;&#1111;/b].


&lt;/BODY&gt;
&lt;/HTML&gt;

Posted: Fri Oct 18, 2002 4:00 pm
by CONFIQ
but... it's easer to use .htaccess and .htpassword as volka told ya...

hidding the file

Posted: Fri Oct 18, 2002 5:20 pm
by phpScott
I agree that using .htaccess is probably the best way to go. I just tried something that might work as well if you don't want to provide passwords and the like.

If you are hosting on a unix machine put a period in front of the file name like
.somefile.php
which will cause the file to be hidden, and it shouldn't show up in a listing with 404 errors unless they are scanning for hidden files and besides who puts a period in front of a file name.

phpScott
slowly hidding from view.