Preventing direct access to php files

Question

Here is an example of my file structure.

/index.php
/inc
/inc/file1.php
/inc/file2.php
/inc/file3.php
/search.php

index.php includes() file

Answer 1

In index.php you can define a constant like this:

define('RESTRICTED',1);

Then in your other pages you put this after <?php

if(!defined('RESTRICTED'))exit('No direct script access allowed!');

When the other pages are accessed directly the code above sees that RESTRICTED has not been set, hence it will exit.

Answer 2

Get them outside the document root:

/documentroot/index.php
/inc/file1.php
/inc/file2.php
/inc/file3.php

So, there is no direct access to them whatsoever.

Answer 3

make a .htaccess file and put it in the inc folder

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files *.php>
order allow,deny
deny from all
</Files>

or put this at top of file you want to denie

if(strrchr($_SERVER['PHP_SELF'],'/')=='/file_name.php'){die;} // not good for ajax include