Aiming to endorse the HTTP_REFERER, I previously used the following function, and it worked like a charm. By the way, previously all the files were stored in the public_html folder.
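```php
function refererCheck()
{
    // Host name this script is served under
    $allowed_host = $_SERVER["SERVER_NAME"];
    // Host part of the Referer header, or '' when the header is absent
    $host = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : '';
    // True when the referring host ends with the allowed host
    return substr($host, 0 - strlen($allowed_host)) === $allowed_host;
}
```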
Currently, to make some of the core PHP files a little bit more secure, I have tried to move them to a folder above public_html. Moving these files to a folder outside public_html makes the function return false while checking the referrer.
With this in mind, I want to know how we can change the above function so that the PHP files inside a folder outside public_html, say for example a private folder, admit the requests from files inside public_html. How should the logic inside the above function be changed?
To make it a little clearer, look at the two file distributions below:
First Scenario:
Public_html
--classes/a.php
--classes/b.php
Index.php
Second Scenario:
Public_html
--index.php
Private
--classes/a.php
--classes/b.php
The first scenario shows the way all my files were previously stored in the public_html folder. Now some of the files are stored in another folder outside 'public_html'. In fact, these files should admit only requests coming from their own folder, that is private, or from public_html. In this case, how can we rewrite the following function to do the job?
Special thanks offered.
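
An added example, not part of the original post: the function above compares the end of the Referer host against the server name as a raw string suffix, so a host that merely ends in the same characters also passes. The sketch below matches on the whole host or on a dot boundary instead; `refererHostAllowed`, its parameters and the `.test` host names are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the Referer value and the expected host are passed in
// as arguments so the check can be run from the CLI without a web server.
function refererHostAllowed(?string $referer, string $allowedHost, bool $allowSubdomains = false): bool
{
    if ($referer === null || $referer === '') {
        return false;                        // header absent: nothing to compare
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;                        // malformed URL or no host component
    }
    // Host names are case-insensitive, and a trailing dot names the same host.
    $host    = rtrim(strtolower($host), '.');
    $allowed = rtrim(strtolower($allowedHost), '.');
    if ($allowed === '') {
        return false;                        // never match against an empty name
    }
    if ($host === $allowed) {
        return true;                         // exact host match
    }
    // Subdomains count only when the match starts at a label boundary.
    $suffix = '.' . $allowed;
    return $allowSubdomains && substr($host, -strlen($suffix)) === $suffix;
}

// The suffix comparison from the post, parameterised the same way for contrast.
function suffixMatch(string $referer, string $allowedHost): bool
{
    $host = (string) parse_url($referer, PHP_URL_HOST);
    return substr($host, 0 - strlen($allowedHost)) === $allowedHost;
}

// Constructed sample Referer values (reserved .test names, not real sites).
$allowed = 'example.test';
$samples = [
    'https://example.test/index.php',
    'https://www.example.test/index.php',
    'https://notexample.test/page.php',
    'not a url',
];
foreach ($samples as $referer) {
    printf("%-36s suffix=%-5s exact=%-5s subdomains=%s\n", $referer,
        var_export(suffixMatch($referer, $allowed), true),
        var_export(refererHostAllowed($referer, $allowed), true),
        var_export(refererHostAllowed($referer, $allowed, true), true));
}
```

The Referer header is supplied by the client, so either comparison is a hint about where a request came from and not an access control.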