On Sat, Dec 27, 2008 at 12:08 AM, Robert Cummings <robert@xxxxxxxxxxxxx>wrote:
> On Fri, 2008-12-26 at 22:02 -0800, Kenton P. Kammer wrote:
> > I'm trying to make something to redirect people to my home page if they
> some how access my include pages. For example, I have a generic copyright
> .htm with links in it that I add to all my pages with the include().
> Problem is when I'm trying to make it the uri is always where it is in the
> include folder I made, even when I'm on the home page trying to view the
> links. This is what I have:
> >
> > <?
> > $uri=$_SERVER["REQUEST_URI"];
> > if($uri=='/'.strpbrk($uri, 'include')){header("Location:
> ../index.php");}
> > else{
> > ?>
> > <p>page content</p>
> > <? } ?>
> >
> > But the error is that since it always returns the /include/...htm uri
> even when I'm viewing it on http://www.domain.com/index.php
> >
> > Help please! Thank you!
>
> The most common way to do this (I think) is to define a variable in your
> site's main config. In each include file test for it having been set. If
> it is not set, then the file is being accessed improperly and so you
> redirect.
>
> For instance:
>
> File: myConfig.php
> ------------------
> <?php
>
> define( 'MY_CONFIG_LOADED', 1 );
>
> ?>
>
> File: myClass.php
> -----------------
> <?php
>
> if( !defined( 'MY_CONFIG_LOADED' ) )
> {
> header( 'Location: http://www.foo.bar.nuh.uh.com/403.php' );
> }
>
> ?>
>
> On a related note though... they probably shouldn't be able to dig
> around your include directory in the first place. Better to deny those
> requests via a webserver config (usually a .htaccess file).
>
this is the approach taken by code igniter, and i think it has 2 strong
points,
1. no .htaccess mechanism required, that is, portable across webservers that
support php
2. the code can be placed directly in the webroot; this in contrast to
placing files you dont want accessed outside of the webroot and into the
include_path
-nathan
