Page 1 of 1

Is constant defined enough protection for included files?

Posted: Fri Feb 17, 2012 5:55 pm
by Sindarin
I have several files that I include as the page body for a CMS e.g.

dashboard.php
products.list.php
products.add.php
products.edit.php

Those are included through index.php using a switch. index php has the login check code and also defines a constant define('AllowAccess',1);

My question is, is a check like:
<?php if (!defined('AllowAccess')){exit();} ?> at the very top of each included page enough to protect them from direct access? Or do I have to add the login check in all those as well?

I mean constants are server-side, there shouldn't be any problem correct?

Re: Is constant defined enough protection for included files

Posted: Sat Feb 18, 2012 12:21 am
by twinedev
That is enough. I use something similar for mine.