Posted by Adam Hubscher on 01/14/05 00:25

From within the application, I use one page to include
classes/variables and so on. Is there a way (I may have been missing it
in the documentation for PHP, however I didnt see anything related) to
prevent a user from directly accessing/executing *.php by the file
making sure taht it was only included by index.php?

For example:

config.php defines:

function __autoload($class_name) {

$class_name = strtolower($class_name);
include_once('class.'.$class_name.'.php');
}

as per PHP5 example

1 (the preferred way): user accesses
http://www.example.org/index.php?function=Join, this loads the class
NewUser and begins its implementation. Because of the __autoload, it
includes class.join.php, in order to utilize the class.

2 (the wrong way): user accesses
http://www.example.org/includes/class.join.php without going through
index.php.

I am trying to prevent 2 from even occuring, utilizing a piece of code
that would check if index.php had included it, or not. This code would
be in the beginning of all the class files, at the top, before any other
code was to be executed.

As of yet, it has eluded me...

[Back to original message]