Lyricsride Posted August 6, 2006 Share Posted August 6, 2006 heya folks. An issue here regarding includes. I'm implementing include-security which i have basically done successfully i believe. But there is something i do not understand. Here are my three versions of the code:First Version That Doesn't Work[color=orange][b]config.php[/b][/color][color=red][b]--------------------------[/b][/color]<?php//security measureif ( //a matching constant must be defined [above] in a script that calls this include [color=red]!defined('include_constant','I Exist')[/color] ) //otherwise the include will die, assuming someone is trying to directly access this include file die("ERROR:Why are you trying to access a restricted include file! Please stop, thank-you. =]");$vpv4_host = "localhost";$vpv4_db = "vpv4" ;$vpv4_usr = "root" ;$vpv4_pw = "314314" ;$vpv4_connect = mysql_pconnect($vpv4_host, $vpv4_usr, $vpv4_pw) or trigger_error(mysql_error(),E_USER_ERROR);?>[b][color=red]--------------------------[/color][/b][color=orange][b]index.php[/b][/color][b][color=red]--------------------------[/color][/b]<?php //needed constant for include permissionsdefine('include_constant','I Exist');require_once($_SERVER['DOCUMENT_ROOT'].'/vpv4/includes/config.php');?>Hello World![b][color=red]--------------------------[/color][/b]RESULTING ERROR: "[color=red]Warning: Wrong parameter count for defined() in c:\server\Apache2.2\htdocs\vpv4\includes\config.php on line 6ERROR:Why are you trying to access a restricted include file! Please stop, thank-you. =][/color]"Second Version That Doesn't Work[color=orange][b]config.php[/b][/color][color=red][b]--------------------------[/b][/color]<?php//security measureif ( //a matching constant must be defined [above] in a script that calls this include !defined('include_constant') ) //otherwise the include will die, assuming someone is trying to directly access this include file die("ERROR:Why are you trying to access a restricted include file! Please stop, thank-you. =]");$vpv4_host = "localhost";$vpv4_db = "vpv4" ;$vpv4_usr = "root" ;$vpv4_pw = "314314" ;$vpv4_connect = mysql_pconnect($vpv4_host, $vpv4_usr, $vpv4_pw) or trigger_error(mysql_error(),E_USER_ERROR);?>[color=red][b]--------------------------[/b][/color][color=orange][b]index.php[/b][/color][b][color=red]--------------------------[/color][/b]<?php //needed constant for include permissions[color=red]define('include_constant');[/color]require_once($_SERVER['DOCUMENT_ROOT'].'/vpv4/includes/config.php');?>Hello World![b][color=red]--------------------------[/color][/b]RESULTING ERROR: "[color=red]Warning: Wrong parameter count for define() in c:\server\Apache2.2\htdocs\vpv4\index.php on line 4ERROR:Why are you trying to access a restricted include file! Please stop, thank-you. =][/color]"First Version That Does Work[color=orange][b]config.php[/b][/color][color=red][b]--------------------------[/b][/color]<?php//security measureif ( //a matching constant must be defined [above] in a script that calls this include !defined('include_constant') ) //otherwise the include will die, assuming someone is trying to directly access this include file die("ERROR:Why are you trying to access a restricted include file! Please stop, thank-you. =]");$vpv4_host = "localhost";$vpv4_db = "vpv4" ;$vpv4_usr = "root" ;$vpv4_pw = "314314" ;$vpv4_connect = mysql_pconnect($vpv4_host, $vpv4_usr, $vpv4_pw) or trigger_error(mysql_error(),E_USER_ERROR);?>[color=red][b]--------------------------[/b][/color][color=orange][b]index.php[/b][/color][b][color=red]--------------------------[/color][/b]<?php //needed constant for include permissionsdefine('include_constant','I Exist');require_once($_SERVER['DOCUMENT_ROOT'].'/vpv4/includes/config.php');?>Hello World![b][color=red]--------------------------[/color][/b]RESULTING SUCCESS: "[color=red]Hello World![/color]"This confuses me. It seems logically that the second version should work becasue it has all constant arguments defined? The third works yet it doesn't [have all arguments defined] while the first doesn't work yet it's similar to the third. What is PHP thinking here? I feel it's important for me to know... =)Anyway i could improve this by the way? Thanks! Quote Link to comment Share on other sites More sharing options...
ronverdonk Posted August 6, 2006 Share Posted August 6, 2006 The first one does not work because the defined () needs one parm only [code]PHP manual: bool defined ( string name )[/code]The second one does not work because the define needs at least 2 parms[code]PHP manual: bool define ( string name, mixed value [, bool case_insensitive] )[/code]The third one is syntactially correct Quote Link to comment Share on other sites More sharing options...
Lyricsride Posted August 6, 2006 Author Share Posted August 6, 2006 Thanks ronverdonk. When you say "needs one param only" i assume you mean also "will only take one"! 8) Thanks for clearing that up, although i find it a little illogical personally, i'm not going to argue with the code!Thanks a lot bud, cheers. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.