If you wish to protect files from direct access I normally use this:
index.php:
<?php
// Main stuff here
define('START',microtime());
include "x.php";
?>
x.php:
<?php
defined('START')||(header("HTTP/1.1 403 Forbidden")&die('403.14 - Directory listing denied.'));
?>