View Full Version : php includes & .htaccess

05-09-2010, 07:55 PM
I am new to php, have been studying for weeks reading books and what not also relentlessly accessing you site for vids so thanks davidj! :mrgreen: My problem however is that I want to restrict access to my precious includes directory containing all my coding. I cannot seem to configure my .htaccess to not allow direct viewing but just to allow the code to be executed. It seems like such a simple problem but its holding up my fun with building my site! I have googled it and searched pages and pages and I can't seem to see any answers that I can use, it might be down to my lack of understanding mind you. Please help, I hate not being able to understand things and this just seems so simple :confused:.... Il grab a coffee and try again.

05-09-2010, 09:41 PM
What do you mean by 'direct viewing'?

Do you have an example

05-10-2010, 01:32 AM
Sorry, I meant via http in the browser. So you can't see the php but it can still be run.

05-10-2010, 04:36 AM
you wont see the php code

05-10-2010, 07:40 AM
Well the newer version of Firefox actually allows you to DOWNLOAD the .php file instead of viewing it! Pretty big oops if you ask me. Plus there are some addons for it that allow you to view some of the php coding. But I am just building a site for my own amusement so I am not that concerned I just wanted to know for future reference. I am not that familiar with the whole .htaccess thing and wondered if it could be used in such a manner.

05-10-2010, 01:27 PM
If everything is set up correctly, php is executed on the server before it gets sent to the browser. The browser can view/download the contents of the processed php file but not the php coding itself.

05-10-2010, 02:00 PM
Well the newer version of Firefox actually allows you to DOWNLOAD the .php file instead of viewing it!
It does not have anything to do with the browser.
Your server is not set up to use PHP.

05-10-2010, 04:22 PM
Ok cool, I just wanted to make sure there was no method to vewing my source. If your all convinced that its ok then I trust your expertise. As you can probably tell by my questions, I am no pro thats for sure.

05-10-2010, 04:42 PM
If you can see the PHP code in the browser, everything is not ok :)

Do you have an example url?

05-10-2010, 06:51 PM
No no, having tried repeatedly and I cannot see it. I can just see a blank page when I manually type the include location into the url. It was just that while "experimenting" I discovered I could save a .php to the desktop and when I opened it with the old Firefox it just displayed the html but with the new Firefox it asked me to save or open with... if you clicked open with Firefox it just repeated the save file process. I was just curious as to if you could block access to the includes dir from the browser so it would bring up a "you are not authorised" screen instead of the blank page but still allow the php coding to be executed by the page with a link to the include dir. I think its overkill judging by what your saying but as they say "better safe than sorry"

05-10-2010, 08:19 PM
As long as the group ownership is apache and you have assigned access rights to 644 then all should be well in the world