Page 1 of 1

include files

Posted: Tue Sep 28, 2010 6:20 pm
by JKM
Hi there,

I have a folder called includes/, and I was wondering what the best way to block viewers to access/view the files in the include folder.
Everyone should be able to see: index.php?page=videos (where includes/videos.php is being included)
No one should be able to see includes/videos.php

I'm sorry if it's hard to understand my explanation :p

Re: include files

Posted: Tue Sep 28, 2010 6:27 pm
by twinedev
For best results, if you are using Apache, disable viewing indexes of Directories.

For just one directory though, you can put a blank index.html file in that directory.

Then, in case they somehow know the names of the .php files, since they are all designed to be included by another PHP script, check for a constant to be defined by the main program (index.php):

Code: Select all

define('SYSTEM_BASE',TRUE);
Then, at the top of every file that is included, and not meant to be called by itself, do the following:

Code: Select all

if (!defined('SYSTEM_BASE')) die ('Invalid direct call to file');
-Greg

Re: include files

Posted: Tue Sep 28, 2010 6:49 pm
by JKM
Nice, I tried the define() snippet, and it works great - thanks! :)