This question has already been answered:

Suppose you are creating your website composed of PHP pages that contain HTML code. These pages are located in the root folder of the hosting (in the same place as the main index.php ). It is clear that the user, if he opens the developer’s tools in the browser, sees only the generated HTML code.

Question: Is it possible for a user in this situation to see the source PHP code without hacking the server in order to gain access to the files? In particular, I ask you to mention in the answer of the program for saving pages for the purpose of their further viewing from offline mode.

Reported as a duplicate by ReinRaus , AK ♦ , ermak0ff , user194374, Denis Bubnov participants on Feb 6 '17 at 6:52 .

A similar question was asked earlier and an answer has already been received. If the answers provided are not exhaustive, please ask a new question .

  • These programs act exactly the same way as the browser, and do not possess magic. until the server directly gives the contents of the files, everything is safe - etki
  • There is such a possibility, but only if for some reason PHP has fallen, and Apache continues to work. Xs as it can be guaranteed to reproduce (this will be the coolest way to hack if you learn to play), but he himself has already seen several times how sites are dropping out the source code, instead of PHP processing. So, unfortunately, the answers given are not entirely correct. - ReinRaus

2 answers 2

This is impossible exactly until you accidentally turn off the parsing of PHP code in .php files.

However, by accessing files that a user should not access, he could somehow harm you or even find out information that he should not know. Therefore, it is recommended to make it so that in a directory accessible via HTTP there is only 1 PHP file: index.php . This file, in turn, should already interact with other PHP files that are above the level of this directory. Like that:

 project/ β”œβ”€β”€ public/ β”‚ β”œβ”€β”€ index.php β”‚ β”œβ”€β”€ robots.txt β”‚ └── sitemap.xml └── app/ β”œβ”€β”€ MyClass.php └── MyAnotherClass.php

You can access index.php , say, localhost/index.php , as well as localhost/robots.txt and localhost/sitemap.xml , but you can’t access MyClass.php and MyAnotherClass.php via HTTP. .

  • Thank you for your reply! ... so that we will programmatically generate any page of the site in index.php ? Here I immediately had a lot of questions. You can make a dynamic content change, but what about the navigation menu that is recommended to be made from links? We will link to other pages from this menu. - Bokov Gleb
  • @GurebuBokofu, while you are at the initial stage of learning PHP, write the way you feel comfortable and understandable. Then, when you gain knowledge, the refactoring process (this is when the old code is replaced with a more "correct" one that corresponds to your current level) will start by itself and you will encounter concepts such as CNC and routing. And instead of localhost/registration.php your links will look like localhost/registration with a single index.php in a public directory. - neluzhin
  • Got it. Well, if we are talking about creating websites to order, is it permissible to do what I am doing now? (on php-file on each key page) - Side by Gleb
  • @GurebuBokofu, no. You should be responsible for the code that is not written for yourself, but it is subject to "unexpected" from all cracks. Also, if another programmer tries to read this code, he will obviously have a bad day. If you want to quickly start making simple sites to order, pull up PHP and jump headlong into the CodeIgniter 3 framework . There and the documentation is good, and he himself is easy to learn. - neluzhin

php code runs on the server. it gives your browser the page as you see it. Those. the client flies the result of the pkhp file in the form of compiled html. Not the file itself. What you are asking about is possible only via FTP, if through a browser.