1 (the preferred way): user accesses http://www.example.org/index.php?function=Join, this loads the class NewUser and begins its implementation. Because of the __autoload, it includes class.join.php, in order to utilize the class.
2 (the wrong way): user accesses http://www.example.org/includes/class.join.php without going through index.php.
I am trying to prevent 2 from even occuring, utilizing a piece of code that would check if index.php had included it, or not. This code would be in the beginning of all the class files, at the top, before any other code was to be executed.
Ideally, you'd put all of the files users aren't supposed to access outside of the document root, so there just isn't a uri that points to the file.
If (as your question makes it sound) the includes do nothing but define a class, and don't actually run any code, then it really doesn't matter if users directly access an include, as nothing will happen.
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
http://www.smempire.org
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
