Hello, just got a new website up and running. I use several PHP includes to make sitewide changes easy.
For example I have a settings.php file that just contains my doctype and my <head></head> stuff. I don’t want this visible for someone to just go to my site and do ryanreese.us/settings.php (not that people should know it exists)…but still.
What permissions would I have to set for this to happen?
I was unable to think of the correct keywords in a google search.
I would say just bury it a few folders deep that no one will ever fine. All the same, does it really matter if anyone sees the file? They can see the results in the HTML anyhow.
Burying it a few folders deep only hides the problem. I’d really just prefer to set the file permissions. Knowing that people could get to it nags at me.
Its not file permissions you want. You have to move it outside of the web root.
Would I still be able to access the files for PHP includes? Where else do I put those files if not in the web root?
Yes you would be able to. I don’t know how you are setup, but usually “public_html” is the web root, anything above that would be the best.
Yes there is one level above that :).
Does that sound right? Anyway once I move files over there will I need to change the URLs of my includes to match?
I’m about to go to bed now so I will try it in the morning to either confirm or deny the changing of URLs being needed.
You will have to change the path…You should not be using URL (http) in PHP includes.
I’m not using the URL in PHP includes, I’m just doing
That kind of thing. To target the base directory. How do I go even further up then?
“…/” goes up one directory.
Everything sorted now. Decided to just go in there and do it now. Took all of 5 minutes.
Thanks again, didn’t know about that trick to hide files. I learned something today :tup:!