Hello stackoverflow community! I've got question about website security! I'm new in creating TVS so I want to ask you about this include file stuff. Let's say, I've got index.php file which has: include_once 'style/header.php'; and the file header.php contains:
<html>
<head>
<title>Some title!</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="text/JavaScript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<link href="css/style.css" rel="stylesheet" type="text/css">
<link rel="Shortcut Icon" type="image/x-icon" href="images/favicon.ico" />
</head>
<body>
So if some one will try to directly access header.php he will see html tags. How can I block access to included file or encrypt them? Or maby there is other stuff what programmers do?
you can insert this line of code at the start of your header file
<?php if(strtolower(__FILE__) == strtolower(realpath(".".$_SERVER['SCRIPT_NAME']))) { die("direct access is not allowed."); } ?>
this will not allow direct access to the file but allow including.