advanced code snippet search

Posted By

MMDeveloper on 10/01/08


Tagged

php include external security


Versions (?)

Who likes this?

4 people have marked this snippet as a favorite

Scooter
JimiJay
bryandease
LordBumpet


simple security for external included files

 / Published in: PHP
 

URL: http://www.mechanicmatt.com/bp/

For sites that run on dynamic URL's and file includes, here is a simple technique to use to ensure that an 'include' file isn't hit directly via URL and only runs when included.

Expand | Embed | Plain Text 
  1. Inside your parent file (that does the including), place this at the top
  2.  
  3. define("parentFile", 1);
  4.  
  5.  
  6. and then at the top of all of your php parsed include files, place this
  7.  
  8. if(defined("parentFile") === true) {
  9. 	die("direct access is not allowed");
  10. } else {}
  11.  
  12.  
  13. so in your directory you have index.php (parent file) and "pages.php" (include file), if you went directly to yourdomain.com/pages.php, it wont results in PHP errors, it will simply die with that error message.
  14.  
  15. To test, go to http://www.mechanicmatt.com/bp/
  16.  
  17. and then go to http://www.mechanicmatt.com/bp/pages.php

Report this snippet  

You need to login to post a comment.