Direct access to files / folders | Talk Web Hosting

Ah, if you want dynamic control over accessible files – forbid access to "inputs.php" unless the user is logged in – then the ".htaccess" file can not really help you because it is a static file, so its rules are all static.

For dynamic access control, you can add it to your ".htaccess" file:

RewriteEngine On
RewriteCond% {REQUEST_URI}! ^ / Index.php $
RewriteRule ^ (. +) $ /Index.php [NC,L]

These lines check if the requested URL is not "index.php" and, if so, rewrite it as "index.php". Or, in other words, it redirects all queries to "index.php" (and we really hear all the queries – not just the PHP files, but the images, the browser looking for "favicon.ico", the related resources and finally everything goes to "index.php").

Since everything is redirected to "index.php", this effectively blocks any access to any other file.

And then, in "index.php", the trick is to find the variable "$ _SERVER[‘REQUEST_URI’]because it contains the URL originally requested.

So, if a user navigates to "inputs.php", then what happens will be rewritten to "index.php" – so it's "index.php" which will always be called – then "$ _SERVER[‘REQUEST_URI’]"will contain" /inputs.php "because that is what was originally requested.

Then the idea is that you can have a table in your "index.php", which maps URLs to file names. Something like that:

$ pages =
[[[[
& # 39; / & # 39; => & # 39; home.php & # 39;
& # 39; / login & # 39; => & # 39; login.php & # 39;
];

And then you look at "$ _SERVER[‘REQUEST_URI’]"in your table to find the actual underlying file name, and then simply include it:

$ req = $ _SERVER[‘REQUEST_URI’];
if (isset ($ pages[$req]))
{
include ($ pages[$req])
}
other
{
// no URL found, launches 404 "Not Found"
http_response_code (404);
}

In this way, PHP code is used to map URLs to filenames. So you can control the accessible URLs. As it is PHP code, you can do it dynamically – for example, you can check if the user is logged in and, if necessary, add an entry for "inputs.php" in the array, then this file becomes conditionally accessible.

You will notice that another benefit is that URLs do not need to be linked to the underlying files or the file system. You can use this for "pretty URLs" – as above, map access to "login.php" to "/ login" because it's a nicer URL. Or you can have multiple URLs all pointing to the same underlying file – to provide "aliases".

This gives you total control, via PHP, on what is and is not accessible.

The disadvantage – as you well know, there would be one – is that it also means that every access to a file must launch PHP code to check if the file is accessible. This will generally slow things down, compared to launching PHP when it comes to a ".php" file.

So, a variant is to change this condition in the ".htaccess" file to redirect only ".php" files to "index.php" while allowing other files – .jpg, .png, .css, etc. – to be served by Apache in the usual way.

(And this, by the way, is in fact, in essence, what WordPress and other CMS do.) That's how they can produce these "pretty URLs" for pages (dynamically obtained from 39, a database.) The actual rules of WordPress are a bit more It will serve any existing file in the file system, but will be redirected to "index.php" for anything else.)