I have a private folder in my MVC directory structure to which I want to deny all access. The only way this folder (and the files it contains) should be accessible is through includes.
For the public folder, anyone should be able to access that as that is my View.
The root index.php is my entry file, and that should be able to include and execute the private index.php script.
Can anybody help me out or point me in the right direction with achieving this?
    private
        model
        controller
        core
        config.ini.php
        index.php
        ...
    public
        stylesheets
        signup.php
        login.php
        index.php
        ...
    index.php
Two ways to do it:
1: Proper way
/homedir/ - where your website is
/homedir/private/ - where your private files are
/homedir/httpdocs/ - public part of the website
2: Another way
/httpdocs/private/ - private files
/httpdocs/private/.htaccess - with the following contents:
    Order allow,deny
    Deny from all
/httpdocs/ - the rest of the files
However, you should know that should your webserver hang up, or change some particular settings - your .htaccess file might become inactive.
Which means that all your private files will become available via browser.
That's why the first way is preferred over .htaccess restrictions.
What else is possible? Code level restriction:
In every public php script define a constant:
define("MY_SECRET_CONSTANT", 1);
In every private php script check if constant is defined on the first line of the code:
if (!defined("MY_SECRET_CONSTANT")) { die("Cannot open the file directly."); }
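A check for the two fallback measures in the answer above, added here as an example and not part of the original answer: it lists private PHP scripts whose first statement is not the `MY_SECRET_CONSTANT` test and reports whether the folder's .htaccess contains `Deny from all`. The function names and the sample tree are constructed for illustration, and only the `if (!defined(...))` test is matched, not the body that follows it.

```python
import re
import tempfile
from pathlib import Path

GUARD = "MY_SECRET_CONSTANT"  # constant name taken from the answer above

# The guard must be the first statement after "<?php" (leading comments allowed).
GUARD_RE = re.compile(
    r"\A\s*<\?php\s+(?:(?://|#)[^\n]*\s*|/\*.*?\*/\s*)*"
    r"if\s*\(\s*!\s*defined\s*\(\s*(['\"])" + re.escape(GUARD) + r"\1\s*\)\s*\)",
    re.DOTALL,
)

def unguarded_scripts(private_dir):
    """Relative paths of .php files whose first statement is not the guard."""
    root = Path(private_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not GUARD_RE.search(p.read_text(encoding="utf-8", errors="replace"))
    )

def htaccess_denies_all(private_dir):
    """True if private_dir/.htaccess has a 'Deny from all' line (option 2)."""
    ht = Path(private_dir, ".htaccess")
    text = ht.read_text() if ht.is_file() else ""
    lines = (line.strip().lower() for line in text.splitlines())
    return any(re.fullmatch(r"deny\s+from\s+all", line) for line in lines)

def build_sample(root):
    """Constructed sample tree mirroring the question's private/ folder."""
    guard = 'if(!defined("%s")) { die("Cannot open the file directly."); }\n' % GUARD
    files = {
        "index.php": "<?php\n" + guard + "require __DIR__ . '/core/app.php';\n",
        "core/app.php": "<?php\n// bootstrap\n" + guard,
        "model/user.php": "<?php\n$rows = [];\n" + guard,            # guard comes too late
        "config.ini.php": "<?php\n$db_password = 'constructed';\n",  # no guard at all
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")
    Path(root, ".htaccess").write_text("Order allow,deny\nDeny from all\n")

def audit_sample():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return unguarded_scripts(tmp), htaccess_denies_all(tmp)
```

Calling `unguarded_scripts()` and `htaccess_denies_all()` on a real private folder from a deployment check catches a script added without the guard before it ships.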