On Sat, Dec 27, 2008 at 12:08 AM, Robert Cummings <robert@xxxxxxxxxxxxx>wrote: > On Fri, 2008-12-26 at 22:02 -0800, Kenton P. Kammer wrote: > > I'm trying to make something to redirect people to my home page if they > some how access my include pages. For example, I have a generic copyright > .htm with links in it that I add to all my pages with the include(). > Problem is when I'm trying to make it the uri is always where it is in the > include folder I made, even when I'm on the home page trying to view the > links. This is what I have: > > > > <? > > $uri=$_SERVER["REQUEST_URI"]; > > if($uri=='/'.strpbrk($uri, 'include')){header("Location: > ../index.php");} > > else{ > > ?> > > <p>page content</p> > > <? } ?> > > > > But the error is that since it always returns the /include/...htm uri > even when I'm viewing it on http://www.domain.com/index.php > > > > Help please! Thank you! > > The most common way to do this (I think) is to define a variable in your > site's main config. In each include file test for it having been set. If > it is not set, then the file is being accessed improperly and so you > redirect. > > For instance: > > File: myConfig.php > ------------------ > <?php > > define( 'MY_CONFIG_LOADED', 1 ); > > ?> > > File: myClass.php > ----------------- > <?php > > if( !defined( 'MY_CONFIG_LOADED' ) ) > { > header( 'Location: http://www.foo.bar.nuh.uh.com/403.php' ); > } > > ?> > > On a related note though... they probably shouldn't be able to dig > around your include directory in the first place. Better to deny those > requests via a webserver config (usually a .htaccess file). > this is the approach taken by code igniter, and i think it has 2 strong points, 1. no .htaccess mechanism required, that is, portable across webservers that support php 2. the code can be placed directly in the webroot; this in contrast to placing files you dont want accessed outside of the webroot and into the include_path -nathan