Re: Preventing execution without inclusion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



How about setting a variable before calling the include (eg $fromIndex=true)?
In class.join.php you could include, for example, at the top of the file


<?php
      if (!isset($fromIndex))
      {
         die("ERROR MESSAGE");
      }
?>

Adam Hubscher wrote:

From within the application, I use one page to include classes/variables and so on. Is there a way (I may have been missing it in the documentation for PHP, however I didnt see anything related) to prevent a user from directly accessing/executing *.php by the file making sure taht it was only included by index.php?

For example:

config.php defines:

function __autoload($class_name) {
$class_name = strtolower($class_name);
include_once('class.'.$class_name.'.php');
}


as per PHP5 example

1 (the preferred way): user accesses http://www.example.org/index.php?function=Join, this loads the class NewUser and begins its implementation. Because of the __autoload, it includes class.join.php, in order to utilize the class.

2 (the wrong way): user accesses http://www.example.org/includes/class.join.php without going through index.php.

I am trying to prevent 2 from even occuring, utilizing a piece of code that would check if index.php had included it, or not. This code would be in the beginning of all the class files, at the top, before any other code was to be executed.

As of yet, it has eluded me...


-- ------------------------------------------------------ David Green Information Centre, Central Science Laboratory Sand Hutton, York, YO41 1LZ

Phone:	+44 (0)1904 462388 (GTN: 5129 2388)
Fax:	+44 (0)1904 462111
E-Mail:	d.green@xxxxxxxxxx
------------------------------------------------------
CSL email disclaimer: http://www.csl.gov.uk/email.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux