full file path

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
elecktricity
Forum Contributor
Posts: 128
Joined: Sun Sep 25, 2005 8:57 pm
Location: Trapped in my own little world.
Contact:

full file path

Post by elecktricity »

hello, I had a few question, I did this thing to were it includes the header and footer for the template to work, so I didnt want people to just be able to do to the files so I did something like this:

Code: Select all

<?PHP
if ($_SERVER['PHP_SELF']=='/header.php') {
header("Location: index.php");
exit;
}
else {
echo 'yay!';
}
?>
but then I realized, what if somebody included it on one of there pages like http://example2.com/link.php like included my header.php page, then it would display stuff, so is there anyway to get the full file path like
http://mysite.com/header.php
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: full file path

Post by Chris Corbyn »

elecktricity wrote:hello, I had a few question, I did this thing to were it includes the header and footer for the template to work, so I didnt want people to just be able to do to the files so I did something like this:

Code: Select all

<?PHP
if ($_SERVER['PHP_SELF']=='/header.php') {
header("Location: index.php");
exit;
}
else {
echo 'yay!';
}
?>
but then I realized, what if somebody included it on one of there pages like http://example2.com/link.php like included my header.php page, then it would display stuff, so is there anyway to get the full file path like
http://mysite.com/header.php
Actually, if someone remotely included your header.php file with that code in they would be including your full site since the redirect would be actioned if the HTTP protocol is being used. It would only display the header contents alone if they included the file locally or using another transfer protocol.

If you want the server name then it's $_SERVER['SERVER_NAME'] but even then, it will show as your own server regardless of where the output is going when HTTP is used.

Basically... it's fine the way it is :D
MaNiAC
Forum Newbie
Posts: 20
Joined: Fri Dec 23, 2005 4:20 am

Post by MaNiAC »

You can use session in the start of that file...

http://example2.com/link.php:

Code: Select all

<?PHP
session_start();
if(!$loggedin){
  header("Location: index.php");
  exit;
}
else {
  echo 'yay!';
}
?>
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

that would be $_SESSION['loggedin'] ;)
User avatar
elecktricity
Forum Contributor
Posts: 128
Joined: Sun Sep 25, 2005 8:57 pm
Location: Trapped in my own little world.
Contact:

Post by elecktricity »

well that gave an error message if it wasnt first so it kinda worked, but I found another way of doing what I wanted, when I included the file, I assigned a $_GET variable like this:

Code: Select all

//index.php
<?PHP
include('header.php?valjl=yes');
?>

Code: Select all

//header.php
<?PHP
if ($_GET['valjl']=='yes') {
true;
}
else {
false;
}
?>
Post Reply