Posted by Thomas Goyne on 01/14/05 08:39

On Thu, 13 Jan 2005 16:25:30 -0600, Adam Hubscher
<webmaster@offbeat-zero.net> wrote:

> 1 (the preferred way): user accesses
> http://www.example.org/index.php?function=Join, this loads the class
> NewUser and begins its implementation. Because of the __autoload, it
> includes class.join.php, in order to utilize the class.
>
> 2 (the wrong way): user accesses
> http://www.example.org/includes/class.join.php without going through
> index.php.
>
> I am trying to prevent 2 from even occuring, utilizing a piece of code
> that would check if index.php had included it, or not. This code would
> be in the beginning of all the class files, at the top, before any other
> code was to be executed.
>

Ideally, you'd put all of the files users aren't supposed to access
outside of the document root, so there just isn't a uri that points to the
file.

If (as your question makes it sound) the includes do nothing but define a
class, and don't actually run any code, then it really doesn't matter if
users directly access an include, as nothing will happen.


--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

http://www.smempire.org

[Back to original message]