Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

0

"You can't access this file directly."

Started by Ace-SG1-, Aug 28 2006 11:31 PM

You cannot reply to this topic
Go to first unread post

8 replies to this topic

#1 Ace-SG1-

Young Padawan

Members
17 posts

Location:USA, Hawaii

Posted 28 August 2006 - 11:31 PM

 <?php
if ( $_SERVER [ 'PHP_SELF' ] != '/index.php' )
{
die ( "You can't access this file directly." );
}
?>

is there a way for that it can assess it but if u put in like
www.yoursite.com/thepage.php where it says "You can't access this file directly." but if the site asks for it in like a scriped and it lets it go...

Back to top

#2 Demonslay

P2L Jedi

Members
970 posts

Gender:Male
Location:A strange world where water falls out of the sky... for no reason.
Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 29 August 2006 - 03:25 PM

What you have there can work.

I personally just use a constant or variable, like this.

define('ACCESS', 'TRUE');
include('file.php');

Then in the included script, you could do this.

if(!defined('ACCESS') || ACCESS != 'TRUE'){
die('You can't access this file directly.');
}

This way, you can easily access the file from any script on your server, knowing your constant and the value. Also, if I'm correct, using your method wouldn't work with .htaccess rewrite rules, not quite sure.

Back to top

#3 coolaid

P2L Jedi Master

Members
1,435 posts

Gender:Male
Interests:i wonder..

Posted 29 August 2006 - 06:22 PM

if he wanted to use his with mod rewrite, he would use replace php_self with request_uri

Back to top

#4 Demonslay

P2L Jedi

Members
970 posts

Gender:Male
Location:A strange world where water falls out of the sky... for no reason.
Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 29 August 2006 - 06:57 PM

Ya, you're right.
Still, mine's universal.

Back to top

#5 rc69

PHP Master PD

P2L Staff
3,827 posts

Gender:Male
Location:Here
Interests:Web Development

Posted 30 August 2006 - 03:01 PM

Of course, the EASIEST way to do this would be to simply put the files you want to include above the web root directory (i.e. www, or public_html), and then include the files from there.

Then nobody will be able to access the file, and you won't have to worry about a security check.

Back to top

#6 Demonslay

P2L Jedi

Members
970 posts

Gender:Male
Location:A strange world where water falls out of the sky... for no reason.
Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 30 August 2006 - 04:03 PM

Oh that's right.
But how would they not be able to view it? Because of .htaccess rewrites?

Back to top

#7 Matthew.

Official Spammer .Matt

Members
2,749 posts

Gender:Male
Location:England

Posted 30 August 2006 - 04:06 PM

Nope, if you stick something above the public_html directory, as rc69 said, it is not viewable.

Simply use ../ when including the file (assuming your are working from the root of public_html or equivelant)

Back to top

#8 Demonslay

P2L Jedi

Members
970 posts

Gender:Male
Location:A strange world where water falls out of the sky... for no reason.
Interests:Graphic Design, Coding, Splinter Cell, Cats

Posted 30 August 2006 - 04:38 PM

OH.
Lol, I always thought the root directory was public_html.

Thanks for clearing that up, can't believe I've thought that for so long. :wacko:

Back to top

#9 Ruben K

Cliff

Twodded Staff
438 posts

Posted 31 August 2006 - 03:00 AM

In my free PHP Framework I have a specific class which is created in the index page.
In my specific modules I have the following code to prevent them from being ran without the class from the index page:

if( !class_exists( 'debug' ) )
{
	  $this->error( "Please do not try to access this file directly.." );
}

When the page is not accessed through index.php, the class 'debug' does not exist and it will give you an error message.

Back to top

Back to Programming and General Web Design · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users