View Full Version : Hiding from public view

03-05-2009, 07:30 PM
OK so I have some files I want to publish on the web but I do not want anyone having any access to them even with the absolute path. Do I want to put a user name and password limit on one page and have it redirect to the page from there? I am very new to PHP and dynamic web pages altogether. Any help would be appreciated. Thank you.

03-05-2009, 07:44 PM
Move it above you're document root and read it in with PHP.

/ Files in question
+ index.php

Then read it in with php, a simple include will probably do, or use a io read:


require_once dirname(__FILE__) . '/../supportfiles/myfile.txt';

03-05-2009, 11:06 PM
Sorry this is new to me. So move the php above the directory where my files reside?


require_once dirname(__FILE__) . '/../supportfiles/myfile.txt';

When I use the require once do I add protectedfile.php and then .

What is the purpose of that .txt file? To output whatever I want? How does it protect someone from typing in "directory/protectedfile.php"

03-06-2009, 12:22 AM
myfile.txt is you're published file. I don't know what you want to do with it, so I don't know if you plan on including text, or html, or php or whatever it is.
What prevents them from typing it in is being above you're public_html directory. Anything outside of public_html is not published (or whatever you're doc root is, generally its public_html in the user's home folder on linux). So, based on the structure I've posted (with no other directories in public_html), typing http://yoursite.com/directory/protectedfile.php will result in a 404 error, since it doesn't actually exist there.
Unpublished files generally refer to data file of some sorts, whether they are images, flat text files, xml etc. PHP is generally not stored above document root, there is really no need to hide a processing file - for this you would deal with sessions to control the file access.

03-06-2009, 03:57 AM
Do you consider this a safer approach than say a .htaccess direction? Thank you for being so patience with a newbie like me. :)

03-06-2009, 04:20 AM
Do you consider this a safer approach than say a .htaccess direction? Thank you for being so patience with a newbie like me. :)

htaccess will only work on an apache server, this method works on Apache and IIS. This of course only protects a file from direct access, its up to you're scripts to ensure that any authentication is handled.

03-06-2009, 08:21 PM
OK one last thing. I have a Linux/Apache setup and I do not have that folder called public_html does that matter?

03-06-2009, 08:55 PM
What folder do you put your "published" files in? Do this

<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
Post what you get.

03-06-2009, 09:12 PM


03-09-2009, 03:54 PM
Any ideas?

03-09-2009, 04:28 PM
Create a folder beside your webroot, and store your private file here... and then use Fou-Lu method to read the file into your webpage.