I use a page to authorize a user and based on certain criteria (user group etc) include a file in another directory (named private)... Everything is working fine but the problem is anyone going directly to private/includefile.php can run the script without authorising themselves...
Is it possible to set folder permissions such that files inside it can't be opened directly but could be included?
Configure Apache to not allow access to the private directory... That will stop web browsers from getting there, but still allow your PHP script to include() a file within it.
Something like the below if you're using Apache. Other servers have similar functionality...
<Location /url/to/private/directory>
    Order deny,allow
    Deny from all
</Location>
-philip
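
The same restriction keyed to the filesystem path instead of the URL, so it applies to every URL that maps onto those files; this is an added example, not part of the original reply. The directory path is an assumed placeholder, and the two IfModule branches cover Apache 2.4 (where Order/Deny only work through mod_access_compat) and Apache 2.2.

```apache
# Added example; /var/www/example/private is an assumed placeholder path.
# include() reads the file from disk, so it is unaffected by this block.
<Directory "/var/www/example/private">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Deny from all
    </IfModule>
</Directory>
```

After reloading the server, a direct request for private/includefile.php should return 403 while the authorizing page still includes it normally.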