Search the Community
Showing results for tags 'preventing direct fileaccess'.
-
Hi, searching for this very common question as in subject, I CAME ACROSS THE FOLLOWING QUESTION:- I have a php file which I will be using as exclusively as an include. Therefore I would like to throw an error instead of executing it when it's accessed directly by typing in the URL instead of being included. Basically I need to do a check as follows in the php file: if ( $REQUEST_URL == $URL_OF_CURRENT_PAGE ) die ("Direct access not premitted"); Is there an easy way to do this? AND THIS ANSWER:- The easiest way is to set some variable in the file that calls include, such as $including = true; Then in the file that's being included, check for the variable if (!$including) exit("direct access not permitted"); AND THESE COMMENTS:- 2 This is dangerous if register_globals is on. – jmucchiello Jan 3 '09 at 18:51 11 PHP is dangerous if register_globals is on. – David Precious Jan 3 '09 at 18:56 MY QUESTION IS that please can someone explain why and how this is a dangerous menthod and if it should be used or not. I have actually used this technique, There is a php file which is accessed as a hyperlink from the index file. When I use that link, it gives me an error saying that I cannot access that file directly. So does that mean that this technique won't work on hyperlinked files? If not then what is the best way to ensure that hyprelinked files are not accessed directly? Thanks a lot everyone on the forum.