Web Analytics Made Easy -
StatCounter php include - deny access like IPB or phpbb - CodingForum


No announcement yet.

php include - deny access like IPB or phpbb

  • Filter
  • Time
  • Show
Clear All
new posts

  • php include - deny access like IPB or phpbb

    Ok, i'm fairly good at php programming, I'm just new to the OOP part of it, so figuring out how to learn from forums like IPB or phpBB is hard for me.

    What I want to do is have an index file, that will include other files to it.
    But what I want is so that those files cannot be directly accessed, the only way they can be used is if called by the index (includes the file when needed)

    In IPB i noticed they have something along these lines:

    PHP Code:
    if ( ! defined'IN_IPB' ) )
    "<h1>Incorrect access</h1>You cannot access this file directly. If you have recently upgraded, make sure you upgraded all the relevant files.";

    im not working with IPB for my new project, but i want to keep my includes secure, and i've tried chmod'ing the files but then when they are included it says access not allowed lol, maybe i'm chmod'ing the files to the wrong code, but i'd still like to use the IPB style of securing those includes.

    Any help on this would greatly be appreciated!
    -Thanks in advance, Mindless-
    trying to revive an old site...

  • #2
    PHP Code:
    if ($_SERVER['HTTP_HOST'] != 'yourdomain.com'){


    • #3
      hmm, maybe im doing it wrong, but no matter how i use that code you provided, it doesn't seem to work, i get Errors! printed every time.

      Does anyone else know how to do this?

      How does IPB make the file "defined" when its opened through index and not defined if its just opened by itself?
      trying to revive an old site...


      • #4
        This is what I use at the top of my php includes.
        PHP Code:
        if(eregi("header.php","$REQUEST_URI")){die('This file cannot be accessed directly!');}
        ||||If you are getting paid to do a job, don't ask for help on it!||||


        • #5
          olso you can use IPB phpBB style

          At yours index.php or other file where other files are included define a variable

          PHP Code:
          //other code
          and in includes use this code:
          PHP Code:
          if (!defined('IN_MY_SITE')) die('Error');
          Free php image upload script
          Personal web developing blog


          • #6
            I vote for _Aerospace_Eng_'s version. It only requires that code be put into the include file, not both files. Also, after seeing his code, I immediately wondered if this could be made file name independent (would not require customization for each file it is used in.) I believe the following accomplishes this (It produces the expected results when I tried it) -
            PHP Code:
            $file basename(__FILE__); // get the file name portion of the current include file

            if(eregi($file,$_SERVER['REQUEST_URI'])){die('This file cannot be accessed directly!');} 
            As to the HTTP_xxxxxx method. All of the HTTP_ values come from headers from the client that made the request to the server. None of them are required and they can be set to any value (for example a script using cURL could set HTTP_HOST to be the name of the file being accessed.) For the reason why Mindless receives the "error" output is that HTTP_HOST was not set/does not exist.

            For the define/defined method and the REQUEST_URI method, all of the values involved are server side and are never in the hands of or dependent on the client that is making the request.
            Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.


            • #7
              so, really with the last example, i could just include that tidbit of code into all of my includes, and they would be safe?
              i see now that i cannot as that compromises the whole get basefile part. thanks anyways lol

              the first method of that code is working just perfectly, but the second option is nice also so i do not have to edit the code every single time to have the correct file name.

              i appreciate everyone's help, it is making things easier for me in my current project (not the link in my sig, this one is for my own learning purposes and to challenge myself) I'm making a forum from scratch, so ive got a lot to learn in the security department and OOP. if anyone has any tips, please let me know lol.
              Last edited by Mindless; Oct 15, 2006, 03:20 AM. Reason: correction
              trying to revive an old site...