

Posted By

MMDeveloper on 10/01/08


Tagged

php include external security




simple security for external included files


Published in: PHP 


URL: http://www.mechanicmatt.com/bp/

For sites that run on dynamic URLs and file includes, here is a simple technique to ensure that an 'include' file isn't hit directly via URL and only runs when included.

Inside your parent file (the one that does the including), place this at the top:

    define("parentFile", 1);

Then, at the top of each of your PHP-parsed include files, place this:

    // Stop unless the parent file has already defined the marker constant
    if (defined("parentFile") !== true) {
        die("direct access is not allowed");
    }

So if your directory has index.php (parent file) and pages.php (include file) and you go directly to yourdomain.com/pages.php, it won't result in PHP errors; it will simply die with that error message.

To test, go to http://www.mechanicmatt.com/bp/

and then go to http://www.mechanicmatt.com/bp/pages.php
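The guard can be checked without a web server. The following is an added example, not part of the original snippet: a CLI script that writes a constructed pages.php to a temp directory, runs it once on its own (the direct hit) and once included by a parent that defines the constant. The temp paths, the page body and the 403 status are assumptions made for the demo.

```php
<?php
// Added demo, not the snippet author's code. File names, the page body and
// the 403 status are constructed for illustration.

// Constructed include file: the guard comes first, the page body after it.
$guarded = <<<'EOT'
<?php
if (!defined('parentFile')) {
    // Under a web server, send 403 so direct hits stand out in access logs.
    if (PHP_SAPI !== 'cli') {
        http_response_code(403);
    }
    die("direct access is not allowed");
}
echo "pages.php body ran";
EOT;

$dir = sys_get_temp_dir() . '/guard_demo_' . getmypid();
mkdir($dir);
$include = $dir . '/pages.php';
file_put_contents($include, $guarded);

// Case 1: direct hit. A separate PHP process executes pages.php by itself,
// the way the web server would for yourdomain.com/pages.php.
$direct = shell_exec(escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($include));

// Case 2: included by the parent, which defines the constant first.
define('parentFile', 1);
ob_start();
include $include;
$included = ob_get_clean();

echo "direct:   $direct\n";
echo "included: $included\n";

// Remove the temporary files created for the demo.
unlink($include);
rmdir($dir);
```

The guard only stops the include file's own code from running on a direct request; it does not restrict which files the parent chooses to include.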
