Hi there,
Today I tried to access my view files directly by just typing in for example https://localhost/myproject/app/views/test.phtml It resulted in output of php code into the browser (tags, functions names, variable names etc). I understand that it is only a view file, but still, some programmers put confidential information or propriatory code into view files.
Is there any way I can restrict direct access to the view files?
Thank you in advance.
Yes. Define virtual hosts in you http server(apache, nginx, etc.). And set the document root to the folder in which index.php is. This way any other file, from other folders above that root folder will not be accesible via browser. The php code you are seeing in that file has to do also with the server. It is not configured to interpret php code in phtml files, so everything in there is considered just text.
So this is a problem with you configuring your server, not phalcon itself.
Hi vlad4800,
Thank you for your answer. I wasn't saying that there is problem with phalcon. I just was wondering if there is any way to protect view files. I'm using WAMP on my local system. In my .htaccess file I have:
My index.php file is located in the root directory:
So where would you put index.php file? And what should I add into .htaccess file in order for it to work?
Thank you for your help.
index.php should be in "public" folder, that's why it's called public :D
Got it. Thanks for the answers.
Great ! Good luck with Phalcon.
