You could do all this... Or you could just move the files outside your web tree and change your include path. [shrug] On Tue, May 10, 2005 9:03 pm, Kit DeKat said: > $const = get_defined_constants(); > if( !isset($const["SOME_CONSTANT"]) || > ($const["SOME_CONSTANT"] != 'secret_string') ) http://php.net/defined would be more clear... > You will take a performance hit for adding the parser to more pages, but You'd have to benchmark on your own system to be certain, but others have reported in the distant past that it's a 5-10% performance hit to pass all .htm files through PHP. Presumably that would apply for .css and .js as well. I use .htm and pass through PHP, because I find it frees me up to build a better site with more cool PHP snippets/features without having to maintain old URLs in a change from .htm to .php YMMV. > if( !isset( $_SERVER["HTTP_REFERER"]) || > !strpos($_SERVER["HTTP_REFERER"],$_SERVER["SERVER_NAME"]) ) I don't think you can count on HTTP_REFERER to be set by browsers. It's not required by the HTTP spec, as I understand it. Plus, it seems to me like you are asking for trouble between www.example.com and example.com if they surf to www. but your developer/designer only uses 'example.com' I also would wonder if this will scale up to server farms? Maybe the REFERER/SERVER_NAME stuff is all hunky-dory consistent there... If an end user wants to read your CSS or JS bad enough, they can get it. Nor is this really a problem. You definitely do *NOT* want them able to surf to non-entry (ie, 'include'd) files! Your developers (you) almost certainly spent zero time wondering "what if" the user did that, and them executing your .php/.inc/.inc.php file out of context could wreak havoc. There are many "solutions" for this -- But to me, moving the files out of the web tree and setting include_path makes the most sense as the safest. There's *NO* *WAY* you're gonna screw up your httpd.conf or .htaccess files and make the files not in the web tree suddenly accessible. It's not like setting include_path is rocket science once you figure out that this is EXACTLY what that is for. Just my opinion. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
