Stop Execution of PHP Pages

Some files are login protected in PHP application and some are include files that need not run directly and can hold some important data not for direct public view.

For each login-protected page you will write login check script at top of the page.


<?php
If not login then
Redirect to login page
?>

Now, what to do with included file we include using 'include', 'require', 'include_once' or 'require_once', which are very important and are not for visitors for security reasons.


<?php
include 'important.php';
?>

important.php file can be accessed directly by its URL on web server.

For this you can do:
1. Save all important/included files outside of web root. This way this file can only be included and cannot be accessed by any URL.

2. Use Apache configuration file (conf/httpd)

Write these lines of codes on Apache config file for denying access to file with extension 'inc/inc.php':

<Files ~ ".inc.php|.inc$">
Order allow,deny
Deny from all
</Files>

Now when user access file with extension "inc" or "inc.php", user/visitor will get these message:

Forbidden
You don't have permission to access /phptest.inc on this server.
Apache/2.0.50 (...) Server at ..... Port __

OR
Customized error page made for this situation.

3. Apart from above methods, you can also write small codes within included/important file itself that stops file execution.

Comments are open for an year period. Please, write here on Facebook page.