PHP anti-hacker question

Discussion in 'PHP' started by qwertzguy, Jul 2, 2008.

  1. #1
    Hello,

    I have a website where I have a folder which contains a PHP file that itself contains all the major PHP functions of my website.
    They are in the form:
    
    function name(params)
    {
    ...
    }
    
    And there is nothing other than functions. Nothing is executed when running this file. However, this file is accessible by URL.

    My question is: Is it possible for someone to execute a function in this file and get the results? (someone who is not on my server)

    Would htaccess authentication help?



    Thank you for your help!
     
    qwertzguy, Jul 2, 2008
  2. AliasXNeo

    #2
    Assuming nothing is executed or returned, then no, there should be no problem. If you're still worried, just add this at the very top of the page:

    // Block the request when this file itself is the script being requested.
    if (strpos($_SERVER["SCRIPT_NAME"], "thefilename.php") !== false)
    {
        die("You cannot directly access this file");
    }

    Replace "thefilename.php" with the name of the file you put the code in.
     
    AliasXNeo, Jul 2, 2008
  3. qwertzguy

    #3
    OK,

    Thanks a lot... I guess I'll put in this code.
    Except what do I need to replace "SCRIPT_NAME" with? Or should I leave it like this?

    Thank you again.

    And I also have another question, even though I'm not sure this is the right place: Is there a way to bypass htaccess authentication? I've heard about a cURL/PHP extension that could maybe hack into it.
    Does anyone know about this?

    Thank you.
     
    qwertzguy, Jul 2, 2008
  4. AliasXNeo

    #4
    Basically what my code is doing is checking if the person is directly accessing the file by seeing if the file being accessed (which can be found by looking in $_SERVER['SCRIPT_NAME']) is the same name as the current file (if it is then the person is trying to load this file, which we don't want) and of course we kill the script and tell them to go away.

    And as far as bypassing .htaccess, I'm pretty sure that discussion is not allowed here.
     
    AliasXNeo, Jul 2, 2008
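
The check explained in post #4, next to a variant that compares full file paths instead of a hard-coded name, as an added example that is not code from the thread. It runs both over four constructed requests, two of which the substring check decides wrongly; the paths, file names and the helper names `substring_guard` and `is_direct_request` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Paths and names are constructed.

// The check from post #2 as a function; true means "block the request".
function substring_guard(string $scriptName, string $hardcodedName): bool
{
    return strpos($scriptName, $hardcodedName) !== false;
}

// Variant: block only when the script the server was asked to run is this
// very file. Inside the library it would be called as
//   is_direct_request(__FILE__, $_SERVER['SCRIPT_FILENAME'] ?? '')
function is_direct_request(string $thisFile, string $entryScript): bool
{
    // realpath() resolves symlinks and ".."; it returns false for paths that
    // do not exist (such as the constructed ones below), so fall back.
    $self  = realpath($thisFile) ?: $thisFile;
    $entry = realpath($entryScript) ?: $entryScript;
    return $self === $entry;
}

$root  = '/var/www/site';   // constructed document root
$cases = [
    // label => [library file, script the request actually ran]
    'library requested directly'      => ['/inc/functions.php', '/inc/functions.php'],
    'included from index.php'         => ['/inc/functions.php', '/index.php'],
    'included from old-functions.php' => ['/inc/functions.php', '/old-functions.php'],
    'library renamed, then requested' => ['/inc/lib.php', '/inc/lib.php'],
];

foreach ($cases as $label => [$library, $requested]) {
    // SCRIPT_NAME is the URL path; SCRIPT_FILENAME is the path on disk.
    $old = substring_guard($requested, 'functions.php');
    $new = is_direct_request($root . $library, $root . $requested);
    printf("%-34s substring: %-6s exact: %s\n", $label,
        $old ? 'block' : 'allow', $new ? 'block' : 'allow');
}
```

Run it with the `php` command-line binary. Storing the include file outside the document root avoids the need for either check, since the web server then cannot serve it at all.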
  5. qwertzguy

    #5
    OK,

    I now understand how your script works... It makes the file only usable through include in another PHP script. It's a good idea... I think I'll put it in. Thanks again.

    And I understand about the htaccess question... I'll try to search on the internet!
     
    qwertzguy, Jul 2, 2008