Downloaded from www.biorust.com on Tue Feb 07, 2012 12:09:47

 
Restricting External Access To PHP Files
Tutorial Author - Limitless (http://www.llstudios.net)

Sometimes, when you are writing a PHP script, you will put the classes and functions it uses in external files so that they can be loaded with include( ) or require( ) at any time. The same goes for configuration files: you keep certain settings as variables in an external configuration file that you load in the different pages of your script, so that they can be shared and edited with ease.

The downside to this method is that you usually do not want anyone to access those external files individually, apart from the script they belong to. They exist only to be loaded with include( ) or require( ) and are not meant to be reached by someone simply pointing a browser at their location.

But what can you do to prevent access to these files and limit such access only to your script? Fortunately there is one trick we can utilize, and that is by using constants.


What Are Constants?
A constant in PHP is like a variable whose value, once defined, cannot be changed for the rest of the script's execution. Constants are useful for values that must stay the same throughout a script, such as a database User Name or Password. Fortunately for us, we can take constants to a new level in PHP.

By defining a constant in the calling script, and adding a check for that constant in the child file (the file being included), we can ensure that the child file cannot be used by itself and only runs when it is called from other scripts.

Confused? Let's see some examples and code to make the picture a little brighter. Imagine you have a file called functions.php, whose only purpose is to house the most common functions you created and use in your web development project. An example is below:

<?php

// functions.php : House Most Common Functions To Be
// Used In Other Scripts.

function a( ) {
     // Do Something
}

function b( ) {
     // Do Something Else
}

function c( ) {
    // Do Something Else Else
}

?>

Imagine you have another script, which simply displays the current user name and does that by calling function a( ), which is defined in the functions.php file. We will call this file index.php.

<?php

// Load Functions.

require_once( 'functions.php' );

// Our Main Script For Our Website.

echo 'Hello John. Your User Name is ' . a( );

?>

Apparently the only purpose for the functions.php is to be included in our main script so that we can utilize its functions. But there is nothing to stop a user from pointing their browser to http://www.yourdomain.com/functions.php. This is perfectly legal and the file will load normally, but what if our file contained some sort of data that is displayed on screen? If the file is called this way, the data will be displayed. But we do not want it to be displayed except in our main script! Hope is not lost, however, because we can use constants to prevent this from happening.

Here is the new code for the functions.php file:

<?php

// functions.php : House Most Common Functions To Be
// Used In Other Scripts.

/**
* Check For Constant.
*
* The Constant that is checked is called 'parentFile'. If it exists
* this means that this file is being called from another file and
* is not being accessed externally.
*/
defined( 'parentFile' ) or die( 'You Can Not Access This File' );

function a( ) {
    // Do Something
}

function b( ) {
    // Do Something Else
}

function c( ) {
    // Do Something Else Else
}

?>

We then simply change our main script to include a declaration of the constant. Keep in mind that this declaration must come before functions.php is included; otherwise the constant will not yet be defined when the check in functions.php runs, and the script will stop there.

<?php

/**
* Define Constant.
*
* This makes sure that included files are allowed access only to this script.
*/
define( 'parentFile' , 1 );

// Load Functions.

require_once( 'functions.php' );

// Our Main Script For Our Website.

echo 'Hello John. Your User Name is ' . a( );

?>
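
When the guard is copied into many include files, it is easy to miss one, or to place the check after code that has already run. The following is an added example, not part of the original tutorial: it uses PHP's tokenizer to confirm that a source string begins with the defined( 'parentFile' ) or die( ... ) guard. The helper name hasGuardFirst and the three sample sources are constructed for illustration.

```php
<?php
// Added example: verify that an include file starts with the tutorial's guard,
// defined( 'parentFile' ) or die( ... ), before any other statement or output.

/**
 * hasGuardFirst() is a hypothetical helper name, not part of PHP.
 * Returns true when the first six significant tokens are:
 *   defined ( 'parentFile' ) or|| die|exit
 */
function hasGuardFirst(string $source, string $constant = 'parentFile'): bool
{
    $skip = [T_OPEN_TAG, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $sig  = [];
    foreach (token_get_all($source) as $token) {
        if (is_array($token) && in_array($token[0], $skip, true)) {
            continue; // ignore the opening tag, whitespace and comments
        }
        // Single-character tokens arrive as plain strings; normalise them.
        $sig[] = is_array($token) ? $token : [null, $token];
        if (count($sig) === 6) {
            break;
        }
    }
    if (count($sig) < 6) {
        return false;
    }
    return $sig[0][0] === T_STRING && strtolower($sig[0][1]) === 'defined'
        && $sig[1][1] === '('
        && $sig[2][0] === T_CONSTANT_ENCAPSED_STRING
        && trim($sig[2][1], "'\"") === $constant
        && $sig[3][1] === ')'
        && in_array($sig[4][0], [T_LOGICAL_OR, T_BOOLEAN_OR], true)
        && $sig[5][0] === T_EXIT; // T_EXIT covers both die and exit
}

// Constructed sample sources; for real files pass file_get_contents( $path ).
$samples = [
    'guarded.php'   => "<?php\n/** Check. */\ndefined( 'parentFile' ) or die( 'No' );\nfunction a( ) { }\n",
    'unguarded.php' => "<?php\nfunction a( ) { }\n",
    'late.php'      => "<?php\necho 'debug';\ndefined( 'parentFile' ) or die( 'No' );\n",
];

foreach ($samples as $name => $source) {
    printf("%-14s %s\n", $name, hasGuardFirst($source) ? 'guard first' : 'GUARD MISSING OR LATE');
}
```

The check is deliberately strict: any statement or inline HTML ahead of the guard counts as a failure, because that content would execute or be sent to the browser before the constant is tested.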

Conclusion
Our problem is now solved. Duplicate this example for your needs and try it out. You will find that external access to child files will not be allowed. Pretty simple, fast, and secure. Unfortunately not a lot of people know about this neat trick, so I hope many will benefit from this cute little tutorial. Enjoy!




All Content © BioRUST 2012 All Rights Reserved.