Posted by Jonathan N. Little on 12/04/05 01:44

NC wrote:
> nc wrote:
>
>>If www.any1.com has a lib\file1.php, can someone at
>>www.any2.com include the script
>
>
> Yes.
>
>
>>and access the items in the script?
>
>
> No.
>
The above it true, but your can also stop them from accessing the
'output' for the script as well. Set a special constant in your calling
PHP scripts and have the included script check for the constant to
insure it is an 'authorized' include.

Calling PHP:

<?php
define("THE_MAGIC_WORDS", TRUE); //Your special constant
require_once("myincludes/included.php');
//the rest of your script here
...

In the included PHP:
<?php
if(!defined("THE_MAGIC_WORDS")){
die("Tisk-tisk! Do you have my permission to use this file?");
}
//the rest of your script here
...

If the server is set up correctly they should never be able to see your
actual code, just the output.


--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

• Next in forum: Re: speed: by reference or by value?
• Prev in forum: Re: send mail to someone
• Thread view: Re: Is a .php file protected from inclusion in outside domains?

[Reply to this message]