File access

I want to check the key, like you make a request to “”, and the file “check_key.php” opens the file “keys.txt”, and if the key that is passed through the parameters of the request are written to the file, then the client returns “True”, and if not, then “False”. The problem is that users can simply open the file at the path “” and see the correct keys.
It is possible to deny access to the file for ordinary users, but this does not work, I can read the file even if I set the access settings so that only “owner” can read the file (I used vpn to check). As I understand it, “check_key.php” performs check on behalf of “owner”.

How can you make it so that the user cannot open the file in the browser, but php scripts can?

Make it into a PHP file, and save the keys as variables, or use a database.

The user can simply open the source code of the page, and look at which sql server the script is connected to to verify the key, and connect to it himself.

Not if you are using PHP. Browsers cannon view PHP.

1 Like

If the user tries to download the site folder via, then open this archive, and see php files?

I could guarantee that there are tutorials out in the web about this, and if not ask it on Stackoverflow.



As I already said,

1 Like

Another option is to use .htaccess rules to block access to a file. You can block access to keys.txt using this code:

<Files "keys.txt">  
  Require all denied

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.