Restricted Access in PHP.. please help!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
iamsanjay
Forum Newbie
Posts: 1
Joined: Thu Mar 26, 2009 9:51 am

Restricted Access in PHP.. please help!!!

Post by iamsanjay »

Hi all,

I am a beginner to PHP coding. I have implemented most of my application by reading different forums. But now i m faced with a very big problem. It is a security issue and needs to be solved. I couldnt find a perfect solution for this. Please help me.

I am developing an application using PHP. I want to know whether there is a way to restrict the access of files by user directly without even logging in. For e.g in case of a web/app server like tomcat, the files inside WEB-INF/ folder are not accessible directly to the user. But in PHP i can go and type the path of any file present inside /var/www/html/myproject/....... Is there any way to restrict this access. If user tries to access any file inside some directory say view/ then he should be returned back to the login page. All those files should be accessible only through include().

Thanks,
Sanjay
jceresini
Forum Newbie
Posts: 8
Joined: Fri Mar 27, 2009 6:03 pm

Re: Restricted Access in PHP.. please help!!!

Post by jceresini »

You can put the files outside of your document root. You can also setup directory security in .htaccess files for apache, or through IIS directory settings.

You can password protect the folder using the following information in apache/linux:
http://www.hostmysite.com/support/linux ... /htaccess/

You can also remove execute permissions on the folder for the user apache is running, if you are using a linux server.

In iis you can right click the folder and go to properties. From there remove read privileges in the security tab

Joe Ceresini
Network Engineer
jceresini@hostmysite.com
HostMySite.com
Post Reply