duanmeng1862 2011-11-11 09:22
浏览 75
已采纳

如何限制用户访问php中的文件夹?

I have searched it all around but couldn't find it all i want to know is i have a folder called temp like

->public_html

-->temp

now how do i restrict a user from accessing it from outside server like it gives an error when someone includes it in their php script? i want to do it through php not through .htaccess or apache i tried chmod but it restricts the whole website from the local server only. i have done the constant thing also but if someone knows the constant name then he can still extract the data.

  • 写回答

3条回答 默认 最新

  • drxt70655 2011-11-11 09:26
    关注

    You can't include a remote PHP file. If they have allow_furl_open and allow_url_include set to true and use include('http://yoursite/temp/yourfile.php'), then what gets included is the output of that PHP file. Not the PHP source itself.

    So when you have a php file with the following contents:

    <?php
    $password = "secret";
    echo "Test";
?>

    And someone includes that file remotely, they'll only get "Test" back, which isn't valid PHP syntax. They won't be able to see the contents of the file, only what gets outputted. The file runs on the remote (or in this case your) server. Whoever includes it gets the output after execution on that server.

    So you don't have to do anything like if (!isset(some_magical_constant)) die("Go away!"), that's just plain silly, but unfortunately I've seen it all over the web.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 目前主流的音乐软件,像网易云音乐,QQ音乐他们的前端和后台部分是用的什么技术实现的?求解!
  • ¥60 pb数据库修改与连接
  • ¥15 spss统计中二分类变量和有序变量的相关性分析可以用kendall相关分析吗?
  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
  • ¥20 神经网络Sequential name=sequential, built=False
  • ¥16 Qphython 用xlrd读取excel报错
  • ¥15 单片机学习顺序问题!!
  • ¥15 ikuai客户端多拨vpn,重启总是有个别重拨不上
  • ¥20 关于#anlogic#sdram#的问题,如何解决?(关键词-performance)
  • ¥15 相敏解调 matlab