help with using preg_match

[apw]

Hello

 

How do i use preg_match to keep people from directly accesssing

files?

 

I have this so far but it comes up to blank screen with no error:

 

If (preg_match("/test.php/i", $PHP_SELF)) {

print "you cannot view this file directly";

die();

 

}

 

Thanks again

[PFMaBiSmAd]

Try this -

// detect direct access to included/required file
if(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){
   exit('No Direct Access');
}

[scootstah]

Personally, I would put scripts that you don't want accessed directly either above the docroot, or in a directory protected by .htaccess.

 

For the .htaccess, all you need is:

order deny,allow
deny from all

 

In either case, scripts can still be used by other scripts (include() or require()), but cannot be accessed directly by URL.

[apw]

Went word for word with your example and used test.php

as my test page and got no errors just a blank white screen

[PFMaBiSmAd]

Cannot really help you without seeing the exact whole file that you tried to run.

[Christian F.]

A completely white page tends to mean a PHP fatal error, and error_reporting turned off. You should be able to find the reason in your HTTP server's (error) log.

 

Also, scootstah suggestion is the best. If that's not possible for you, then you could always check for a defined constant at the top:

<?php
if (!is_defined ("SEC_CONST") || SEC_CONST !== true) {
    die ("No access");
}

/* Regular code */