Or you could do something like: if(!empty($PHP_SELF)) { if(stristr($PHP_SELF," config.php")) { header("Status: 404 Not Found"); } }
that's assuming you use the register_globals. If not, then you could simply grab $PHP_SELF from the environment variables. Ryan -----Original Message----- From: Neil Thomson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 12:31 PM To: Tom; [EMAIL PROTECTED] Subject: Re: [PHP-DB] Protecting php scripts from source being downloaded u can download a php page from a download manager ? i just tryed with flashget... & it phrased the php page into html first.. ? ? if you want to protect your say.. variables file from some1 trying in the address of it. heres a simple way. in the variables file include @header(status: error 404); (or how ever that code goes). then in the page u want to include this. start the html tag first <html> then include this page. the @ will make it not report errors. so u can inclue the page perfectally.. & when people try to look @ it, it will say it doesnt exist. Neil ----- Original Message ----- From: Tom <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 09, 2002 8:00 AM Subject: [PHP-DB] Protecting php scripts from source being downloaded > Hi, im kinda new to this so be kind :) > > Im using mysql and php to create test databases (guestbook etc, basic > stuff), but it doesnt seem so secure, people can just use a download manager > to download the php files and steal the mysql passwords. Is there anyway to > make it so they can see the php files through the brower but not download my > homecrafted php? > > Ive looked through many websites and the history of this, all I could find > was one post which was to encript the files (this isnt really suitable for > me as I edit bits and bobs as I go along). Is there anyway I can setup > access as said in the above? Or just hid the password somehow? Im using IIS > 5.1. > > thanks > tom > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]