In in开发者_开发百科dex I can write this -
if ($_SERVER['HTTP_HOST'] != 'www.example.com') {
include("home.php")
}
But it's very easy to remove this checking and just include the home.php which will run the whole website for any domain name.
Is there any encoded way which cannot be removed to make this website work for other domains?
If one has access to your code, and can change it, there is no way you can prevent this from happening.
If you're using apache, you can disallow access to "home.php" directly by adding a file called ".htaccess" to the directory which home.php is in:
<Files home.php>
order deny,allow
deny from all
</Files>
But even better, I would put home.php and other files in a protected directory called "includes" and use this ".htaccess" file instead:
<Directory "includes">
order deny,allow
deny from all
</Directory>
You can now only access home.php by using include("home.php");
in a script.
If it doesn't work, make sure that htaccess overrides are enabled in your apache configuration. Find the "AllowOverride" directive and make sure "AllowOverride All" is set.
精彩评论