php - 如何拒绝直接访问网站文件但允许网站文件通过包含'file.php'相互访问?
问题描述
如果来自外部的用户想要使用 url 打开网站文件但允许网站文件通过在 php 文件中包含“file.php”来相互访问,如何拒绝直接访问网站文件。
我有一个 .htaccess 文件。我可以这样做吗?
解决方案
You do this by having the PHP files outside of your webroot. Your scripts that actually need to be accessible need to be in or beneath your webroot. You typically see PHP projects these days that have a structure like this:
/projectname
/app
/src
/web
The use of composer for dependency/component library management is the state of the art these days and if you are using it it will create other directories like vendor.
So your front controller or other web accessible scripts go into projectname/web
and this is what you set your webroot to.
Your other scripts go into the /projectname/src.
Your include/require statements need a filesystem path, so you can reference them either via relative addressing or using a full path.
Typically people will have a bootstrapping include or use a front controller (everything goes through index.php) where include paths are setup. With component libraries you also want your class loader to be instantiated to resolve any libraries you might be using in your project.
Again the use of composer is highly recommended and will generate your class loader for you, and then it's just a matter of making sure it is included.
推荐阅读
- javascript - 离开/关闭标签前的确认?
- python - Django 身份验证登录不返回任何内容
- swift - `MTLTextureDescriptor has invalid pixelFormat (0) 我该怎么办?
- android - java.lang.RuntimeException:无法实例化应用程序android.app.Application:java.lang.IllegalStateException:(应用程序不断崩溃)
- python - 在使用 ElementTree 解析之前,如何检查 XML 中是否存在标签?
- python - Django:在 runserver 之后立即运行脚本
- excel - 如何将多列插入Excel中的两列?
- angular - 如何在Angular中的http get函数中从返回中获取数据
- android - webView android上的服务器挂断
- sql - 存在与存在;导致(声称的)性能差异的实现细节