I have several files that I include as the page body for a CMS e.g.
dashboard.php
products.list.php
products.add.php
products.edit.php
Those are included through index.php using a switch. index php has the login check code and also defines a constant define('AllowAccess',1);
My question is, is a check like:
<?php if (!defined('AllowAccess')){exit();} ?> at the very top of each included page enough to protect them from direct access? Or do I have to add the login check in all those as well?
I mean constants are server-side, there shouldn't be any problem correct?
Is constant defined enough protection for included files?
Moderator: General Moderators
Re: Is constant defined enough protection for included files
That is enough. I use something similar for mine.