Posted By

MMDeveloper on 10/01/08


Tagged

php include external security


Versions (?)

Who likes this?

4 people have marked this snippet as a favorite

Scooter
JimiJay
bryandease
LordBumpet


simple security for external included files


 / Published in: PHP
 

URL: http://www.mechanicmatt.com/bp/

For sites that run on dynamic URL's and file includes, here is a simple technique to use to ensure that an 'include' file isn't hit directly via URL and only runs when included.

  1. Inside your parent file (that does the including), place this at the top
  2.  
  3. define("parentFile", 1);
  4.  
  5.  
  6. and then at the top of all of your php parsed include files, place this
  7.  
  8. if(defined("parentFile") === true) {
  9. die("direct access is not allowed");
  10. } else {}
  11.  
  12.  
  13. so in your directory you have index.php (parent file) and "pages.php" (include file), if you went directly to yourdomain.com/pages.php, it wont results in PHP errors, it will simply die with that error message.
  14.  
  15. To test, go to http://www.mechanicmatt.com/bp/
  16.  
  17. and then go to http://www.mechanicmatt.com/bp/pages.php

Report this snippet  

You need to login to post a comment.