CodeIgniter Forums
Restricting direct access to your view-files? - Printable Version



Restricting direct access to your view-files? - El Forum - 03-04-2010

[eluser]sorenchr[/eluser]
Hi, I'm new to CodeIgniter. I was wondering if it's considered good practice to restrict direct access to your view files? Obviously they are going to contain a lot of PHP code that relies on variables and whatnot passed to them from the controller, so the PHP code could easily come up with an error if it's directly accessed, couldn't it?

Thanks for your time.


Restricting direct access to your view-files? - El Forum - 03-04-2010

[eluser]n0xie[/eluser]
Put your application folder outside the wwwroot and you won't have to worry about it.


Restricting direct access to your view-files? - El Forum - 03-04-2010

[eluser]sorenchr[/eluser]
I'm using a shared webhost who does not allow document upload outside of the wwwroot. Is there another way?


Restricting direct access to your view-files? - El Forum - 03-05-2010

[eluser]sorenchr[/eluser]
Bump. Either this is a really obvious question, or no one knows the answer :). I thought this was a widely asked question, seeing that, as a developer, one of your primary goals is to avoid your code breaking before the user.


Restricting direct access to your view-files? - El Forum - 03-05-2010

[eluser]pistolPete[/eluser]
You can use a .htaccess file in the system folder with the following content:

Code:
DENY FROM ALL



Restricting direct access to your view-files? - El Forum - 03-05-2010

[eluser]sorenchr[/eluser]
[quote author="pistolPete" date="1267796516"]You can use a .htaccess file in the system folder with the following content:

Code:
DENY FROM ALL
[/quote]

Thanks! But I'm wondering, isn't it considered common practice to restrict direct access to your view files? If not, then why not?


Restricting direct access to your view-files? - El Forum - 03-05-2010

[eluser]helmutbjorg[/eluser]
Just stick the following line at the top of your view files:

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); ?>

And to stop people browsing to the directory, simply place an index.html file in the views folder with the following code:

Code:
<html>
<head>
    <title>403 Forbidden</title>
</head>
<body>

<p>Directory access is forbidden.</p>

</body>
</html>
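
An added example, not part of the original thread or of CodeIgniter: a Python audit that walks an application tree and reports PHP files missing the BASEPATH guard, and directories that have neither an index.html nor a deny-all .htaccess above them. The sample tree and the function names are constructed for illustration, and the .htaccess check is a static heuristic that assumes Apache honours .htaccess files (AllowOverride) on the host.

```python
import re
import tempfile
from pathlib import Path

# Guard line as posted in the thread, with flexible whitespace.
GUARD = re.compile(
    r"\s*<\?php\s+if\s*\(\s*!\s*defined\(\s*['\"]BASEPATH['\"]\s*\)\s*\)\s*exit\b", re.I)
# Apache 2.2 form from the thread, or the Apache 2.4 equivalent.
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def has_deny(directory, root):
    """True if directory, or an ancestor up to root, has a deny-all .htaccess."""
    for d in [directory, *directory.parents]:
        ht = d / ".htaccess"
        if ht.is_file() and DENY.search(ht.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False

def audit(root):
    """Return (relative path, finding) pairs for the tree under root."""
    root = Path(root).resolve()
    findings = []
    for d in [root] + sorted(p for p in root.rglob("*") if p.is_dir()):
        denied = has_deny(d, root)
        if not denied and not (d / "index.html").is_file():
            findings.append((d.relative_to(root).as_posix(), "no index.html and no deny rule"))
        for f in sorted(d.glob("*.php")):
            if not GUARD.match(f.read_text(errors="replace")):
                note = "no BASEPATH guard" + (" (covered by deny rule)" if denied else "")
                findings.append((f.relative_to(root).as_posix(), note))
    return findings

def build_sample(base):
    """Constructed sample tree for the demo; not taken from the thread."""
    views = Path(base) / "application" / "views"
    (views / "admin").mkdir(parents=True)
    guard = "<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); ?>\n"
    (views / "home.php").write_text(guard + "<h1><?php echo $title; ?></h1>\n")
    (views / "list.php").write_text("<ul><?php foreach ($items as $i) echo $i; ?></ul>\n")
    (views / "index.html").write_text("<p>Directory access is forbidden.</p>\n")
    (views / "admin" / ".htaccess").write_text("DENY FROM ALL\n")
    (views / "admin" / "panel.php").write_text("<?php echo $user; ?>\n")
    return views.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, finding in audit(build_sample(tmp)):
            print(f"{path}: {finding}")
```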