Re: [PHP] avoid server folder reading

2008-01-21 Thread Eric Butera 
On Jan 20, 2008 6:13 AM, Richard Heyes <[EMAIL PROTECTED]> wrote:
> If your server's default file is index.php, you could use the following
> in an index.php file:
>
>   header('Location: /');
> ?>
>

You really shouldn't use relative paths in a header location.


http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

14.30 Location

The Location response-header field is used to redirect the recipient
to a location other than the Request-URI for completion of the request
or identification of a new resource. For 201 (Created) responses, the
Location is that of the new resource which was created by the request.
For 3xx responses, the location SHOULD indicate the server's preferred
URI for automatic redirection to the resource. The field value
consists of a single absolute URI.

   Location   = "Location" ":" absoluteURI

An example is:

   Location: http://www.w3.org/pub/WWW/People.html

  Note: The Content-Location header field (section 14.14) differs
  from Location in that the Content-Location identifies the original
  location of the entity enclosed in the request. It is therefore
  possible for a response to contain header fields for both Location
  and Content-Location. Also see section 13.10 for cache
  requirements of some methods.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-20 Thread Richard Heyes 

Will that not result in an infinite redirection loop?
Or am i missing something very obvious !


If it's placed in the root folder of the website, yes. But why do that? 
If, however, that's what is required just put an empty index.html file 
there.


--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-20 Thread Anup Shukla 

Richard Heyes wrote:

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.


If your server's default file is index.php, you could use the following 
in an index.php file:




If it's index.html, you could use the following:





Try the PHP version first.



Will that not result in an infinite redirection loop?
Or am i missing something very obvious !

--
Regards,
Anup Shukla

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-20 Thread Richard Heyes 

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.


If your server's default file is index.php, you could use the following 
in an index.php file:




If it's index.html, you could use the following:





Try the PHP version first.

--
Richard Heyes
http://www.websupportsolutions.co.uk

Knowledge Base and Helpdesk software that eases your support
burden and helps increase your sales.

** NOW OFFERING FREE ACCOUNTS TO CHARITIES AND NON-PROFITS **

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-20 Thread Alain Roger 
this is what i already did before asking :-)

On Jan 19, 2008 7:53 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:

> On Jan 19, 2008 1:46 PM, Alain Roger <[EMAIL PROTECTED]> wrote:
>
> > Sorry if my post was not clear...
> > in fact i would like to hide the contant of my webfolders and avoid user
> > to
> > see the index of "folders"... for sure users should be able to browse
> > the
> > website, but not to see its structure by browsing the index :-)
>
>
> then define an index.php file  for each directory that routes the users
> appropriately.
>
> -nathan
>
>


-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] avoid server folder reading

2008-01-19 Thread Casey 
On Jan 19, 2008 6:36 PM, Nathan Nobbe <[EMAIL PROTECTED]> wrote:
> On Jan 19, 2008 7:50 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:
>
> > my reply was to the OP, not you as such, given that your also answering
> > his question,
> > sorry for the misunderstanding.
>
> i think half the time i get confused myself; like this morning when you said
> show us your
> exact code, to the OP of the thread, and i was like; 'i just posted my exact
> code' :)
>
>
> > that said I have found it's often a worthy exercise to poke/prod the OP as
> > to what they are really trying to achieve rather than blindly assume that
> > what
> > they are asking is what they really want - this is quite often not the
> > case - I think
> > you;ll agree :-)
>
>
> such was the case w/ the thread where tedd asked about embedding   in
> the name
> attribute of a input tag of type submit.
> everybody was going on about how to handle it on the server side and i was
> like, just
> end it w/ a little css.  so yeah, i def agree.
>
> -nathan
>

Just add a simple index.php to every folder you want to hide, if you
want a "PHP solution".

index.php:
header('Location: http://yoursite.com');

-Casey

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-19 Thread Nathan Nobbe 
On Jan 19, 2008 7:50 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> my reply was to the OP, not you as such, given that your also answering
> his question,
> sorry for the misunderstanding.

i think half the time i get confused myself; like this morning when you said
show us your
exact code, to the OP of the thread, and i was like; 'i just posted my exact
code' :)


> that said I have found it's often a worthy exercise to poke/prod the OP as
> to what they are really trying to achieve rather than blindly assume that
> what
> they are asking is what they really want - this is quite often not the
> case - I think
> you;ll agree :-)


such was the case w/ the thread where tedd asked about embedding   in
the name
attribute of a input tag of type submit.
everybody was going on about how to handle it on the server side and i was
like, just
end it w/ a little css.  so yeah, i def agree.

-nathan

Re: [PHP] avoid server folder reading

2008-01-19 Thread Jochem Maas 

Nathan Nobbe schreef:
On Jan 19, 2008 3:08 PM, Jochem Maas <[EMAIL PROTECTED] 
> wrote:


or alternatively use that .htaccess to deny apache index listings.


i of course use .htaccess, but OP was asking for a php based solution, so
thats what i supplied, thats all.


my reply was to the OP, not you as such, given that your also answering his 
question,
sorry for the misunderstanding.

that said I have found it's often a worthy exercise to poke/prod the OP as
to what they are really trying to achieve rather than blindly assume that what
they are asking is what they really want - this is quite often not the case - I 
think
you;ll agree :-)



-nathan



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-19 Thread Nathan Nobbe 
On Jan 19, 2008 3:08 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> or alternatively use that .htaccess to deny apache index listings.


i of course use .htaccess, but OP was asking for a php based solution, so
thats what i supplied, thats all.

-nathan

Re: [PHP] avoid server folder reading

2008-01-19 Thread Jochem Maas 

Nathan Nobbe schreef:

On Jan 19, 2008 1:46 PM, Alain Roger <[EMAIL PROTECTED]> wrote:


Sorry if my post was not clear...
in fact i would like to hide the contant of my webfolders and avoid user
to
see the index of "folders"... for sure users should be able to browse the
website, but not to see its structure by browsing the index :-)



then define an index.php file  for each directory that routes the users
appropriately.


or alternatively use that .htaccess to deny apache index listings.

that said if your site is well setup everything in the document root should
be neatly accessible and it shouldn't really matter how someone accesses it.

all [php] files you include can live happily outside of the webroot,in cases
where this is not feasable (e.g. hosts that use the homedir as the webroot)
you can use a simple .htaccess containing 'Deny From All' in a directory that
stores all your include files.



-nathan



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-19 Thread Nathan Nobbe 
On Jan 19, 2008 1:46 PM, Alain Roger <[EMAIL PROTECTED]> wrote:

> Sorry if my post was not clear...
> in fact i would like to hide the contant of my webfolders and avoid user
> to
> see the index of "folders"... for sure users should be able to browse the
> website, but not to see its structure by browsing the index :-)


then define an index.php file  for each directory that routes the users
appropriately.

-nathan

Re: [PHP] avoid server folder reading

2008-01-19 Thread Alain Roger 
Sorry if my post was not clear...
in fact i would like to hide the contant of my webfolders and avoid user to
see the index of "folders"... for sure users should be able to browse the
website, but not to see its structure by browsing the index :-)

On Jan 19, 2008 7:41 PM, Richard Lynch <[EMAIL PROTECTED]> wrote:

> On Sat, January 19, 2008 11:57 am, Alain Roger wrote:
> > I would like to know how to avoid (using PHP code) any user to read
> > the
> > content of my website folder ?
> > as my website is hosted by and external company, i do not have access
> > to
> > apache conf file.
>
> You're not making a lot of sense, really...
>
> I you don't want ANY users to see ANYTHING that's in your folder,
> don't have a website. :-)
>
> The whole point of a website IS to show the world a bunch of stuff in
> that folder.
>
> So what you really must mean is (probably) one of these:
>  hide the contents of some sub-folder
>  hide some of things in that folder, but not others
>  hide the included files
>  hide specific content
>  hide content from non-registered users
>
> Pick one and we can answer that, or you can Google for it.
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?
>
>


-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] avoid server folder reading

2008-01-19 Thread Alain Roger 
I should be able to setup a .htaccess file.

On Jan 19, 2008 7:17 PM, Jochem Maas <[EMAIL PROTECTED]> wrote:

> Alain Roger schreef:
> > Hi,
> >
> > I would like to know how to avoid (using PHP code) any user to read the
> > content of my website folder ?
>
> what exactly are you trying to avoid being read? and in what context?
>
> > as my website is hosted by and external company, i do not have access to
> > apache conf file.
>
> are you able to use .htaccess files?
>
> >
> > thanks a lot,
> >
>
>


-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008

Re: [PHP] avoid server folder reading

2008-01-19 Thread Richard Lynch 
On Sat, January 19, 2008 11:57 am, Alain Roger wrote:
> I would like to know how to avoid (using PHP code) any user to read
> the
> content of my website folder ?
> as my website is hosted by and external company, i do not have access
> to
> apache conf file.

You're not making a lot of sense, really...

I you don't want ANY users to see ANYTHING that's in your folder,
don't have a website. :-)

The whole point of a website IS to show the world a bunch of stuff in
that folder.

So what you really must mean is (probably) one of these:
  hide the contents of some sub-folder
  hide some of things in that folder, but not others
  hide the included files
  hide specific content
  hide content from non-registered users

Pick one and we can answer that, or you can Google for it.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-19 Thread Jochem Maas 

Alain Roger schreef:

Hi,

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?


what exactly are you trying to avoid being read? and in what context?


as my website is hosted by and external company, i do not have access to
apache conf file.


are you able to use .htaccess files?



thanks a lot,



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] avoid server folder reading

2008-01-19 Thread Nathan Nobbe 
On Jan 19, 2008 12:57 PM, Alain Roger <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I would like to know how to avoid (using PHP code) any user to read the
> content of my website folder ?
> as my website is hosted by and external company, i do not have access to
> apache conf file.


you could take the code igniter approach.

have a script, like config.php, that has a constant; anything, like
define('IM_ALIVE',  true);

then, require that all your scripts must have this file included, first
thing.
and at that point you can do something like this:

if(!defined('IM_ALIVE')) { die('no direct access to scripts allowed!'); }

-nathan

[PHP] avoid server folder reading

2008-01-19 Thread Alain Roger 
Hi,

I would like to know how to avoid (using PHP code) any user to read the
content of my website folder ?
as my website is hosted by and external company, i do not have access to
apache conf file.

thanks a lot,

-- 
Alain

Windows XP SP2
PostgreSQL 8.2.4 / MS SQL server 2005
Apache 2.2.4
PHP 5.2.4
C# 2005-2008