|
|
Posted by David Green on 01/14/05 16:09
How about setting a variable before calling the include (eg
$fromIndex=true)?
In class.join.php you could include, for example, at the top of the file
<?php
if (!isset($fromIndex))
{
die("ERROR MESSAGE");
}
?>
Adam Hubscher wrote:
> From within the application, I use one page to include
> classes/variables and so on. Is there a way (I may have been missing
> it in the documentation for PHP, however I didnt see anything related)
> to prevent a user from directly accessing/executing *.php by the file
> making sure taht it was only included by index.php?
>
> For example:
>
> config.php defines:
>
> function __autoload($class_name) {
>
> $class_name = strtolower($class_name);
> include_once('class.'.$class_name.'.php');
> }
>
> as per PHP5 example
>
> 1 (the preferred way): user accesses
> http://www.example.org/index.php?function=Join, this loads the class
> NewUser and begins its implementation. Because of the __autoload, it
> includes class.join.php, in order to utilize the class.
>
> 2 (the wrong way): user accesses
> http://www.example.org/includes/class.join.php without going through
> index.php.
>
> I am trying to prevent 2 from even occuring, utilizing a piece of code
> that would check if index.php had included it, or not. This code would
> be in the beginning of all the class files, at the top, before any
> other code was to be executed.
>
> As of yet, it has eluded me...
>
--
------------------------------------------------------
David Green
Information Centre, Central Science Laboratory
Sand Hutton, York, YO41 1LZ
Phone: +44 (0)1904 462388 (GTN: 5129 2388)
Fax: +44 (0)1904 462111
E-Mail: d.green@csl.gov.uk
------------------------------------------------------
CSL email disclaimer: http://www.csl.gov.uk/email.htm
Navigation:
[Reply to this message]
|