I have a slight problem which is giving me a lot of headaches. I have an Apache2 server with LAMP on a Debian distro. The problem is that if I access www.domain.com/folder, I see the contents of the folder, and I don't want to see it. Besides, if I access a .php file within this file, it is executed; these should not be executed if the login is not done.
To hide the files, what I have done is insert a .htaccess file with the following content:
Order Allow,Deny
Deny from all
To deny access to the files, what I have done is check whether they have the session cookies with the user; otherwise the application does not work. But I do not think it is a good practice.
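<?php
// Resume the session so that $_SESSION is available
session_start();
// Check that the user is logged in
if (isset($_SESSION['usuario'])) {
    // The code will go here
} else {
    // If not logged in, send them to the login page
    header("Location: login.php");
    exit; // stop here so nothing after the redirect is executed
}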