protecting a file that has database info
osnap
01-31-2001, 06:08 PM
I have a file that has all of my mysql database info in it (i.e. username, password) and it is needed by many php files, but if I call this file up directly in my browser it shows the contents. And if I chmod it to where it is not world readable (600 or 640) then nothing works. How do I make it so everything works, but you can't call it up in a browser?
klamath
01-31-2001, 06:30 PM
Either make Apache deliberately not serve it (for example, using the 'Files' directive), or move it somewhere out of the web server virtual directory tree - i.e. above DocumentRoot.
------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the Tornado HTTP Server (http://sourceforge.net/projects/tornado)
osnap
01-31-2001, 06:45 PM
Duh, I'm stupid. I knew to not have it in the DocumentRoot. I was playing with one of those PHPNuke type packages and I had it in a separate directory below DocumentRoot, including the file I was referring to. If I had set it up like I should have then I wouldn't have even been trying to figure it out. Thanks.
osnap
01-31-2001, 07:20 PM
Well, that won't work. It doesn't get moved out of the DocumentRoot like I thought. So, how do I use the Files directive? I've been trying to get it to work in a .htaccess file but it doesn't seem to want to work. Could you or someone give me an example, where the file is /home/www/includes/something.conf
I tried putting:
<Files "/includes/something.conf">
Order allow,deny
Deny from all
</Files>
in the documentroot .htaccess, and I tried putting:
<Files "something.conf">
Order allow,deny
Deny from all
</Files>
in the directory where the file is located and it still shows it in the browser.
I also tried the above with "Order allow,deny" as "Order deny,allow"
I know I'm probably missing something really stupid and simple.
osnap
01-31-2001, 08:34 PM
Dumbass here again.
I found the little problem. I had "AllowOverride None" instead of "AllowOverride All" in my httpd.conf.
It all works now.
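
The setup the thread converges on, as an added configuration example that is not part of any poster's message. It assumes /home/www is the DocumentRoot and uses the same Apache 1.3-era Order/Deny directives as the posts above; the two files are shown in one block and separated by comments.

```apache
# ----- httpd.conf (main server config) -----
# Constructed example; paths follow the thread.

# Weak: with this setting every .htaccess under /home/www is ignored,
# so the <Files> block further down has no effect and the file is
# still served as plain text.
#<Directory "/home/www">
#    AllowOverride None
#</Directory>

# Corrected: enable only the override class that Order/Allow/Deny need.
# "AllowOverride All" (the thread's fix) also works, but it lets
# .htaccess files change far more than access control.
<Directory "/home/www">
    AllowOverride Limit
</Directory>

# Alternative that does not depend on .htaccess at all: deny the whole
# includes directory from the main config. PHP include()/require()
# read the file from disk, not over HTTP, so the scripts keep working.
<Directory "/home/www/includes">
    Order allow,deny
    Deny from all
</Directory>

# ----- /home/www/includes/.htaccess -----
# <Files> matches the file name only, never a path, so
# <Files "/includes/something.conf"> can never match anything.
<Files "something.conf">
    Order allow,deny
    Deny from all
</Files>
```

On Apache 2.4 the `Order`/`Deny` pair is replaced by `Require all denied`, which in a .htaccess file needs `AllowOverride AuthConfig` rather than `Limit`.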
Sweede
01-31-2001, 10:33 PM
hehehe, phpnuke :)
what version? 4.3?
It doesn't matter, if you have your AddType set correctly where it parses php files, there is no way anyone is going to be able to do
domain.com/config.php and get your database user/pass
A simpler option would be to use
php_value include_path "./:/home/username"
in your .htaccess
PHP-Nuke, you gotta love it and then you gotta hate it.
osnap
02-01-2001, 02:21 AM
Actually it's not PHPNuke. I thought about using it, but it has too many features for what I want. I'm using drupal from www.drop.org (http://www.drop.org); it's pretty slick. I now have my site up at www.constantspeed.com (http://www.constantspeed.com) if anyone reading this wants to take a look.
Sweede
02-01-2001, 02:48 AM
drupal is pretty cool.
I'm planning on writing my own set of portal scripts. Looking for a few good developers btw ;)
100% pure PHP4 written in a slick/strict coding standard based on PEAR, PHPdoc, Metabase, Mantis, and the phpslash projects.
NO trashy sloppy ugly gibberishy line-noise lookin resource hoggin perljunk :D
Unless of course you code perl like a god and want to learn PHP, then I guess it'd be ok.