glassfish Posted October 25, 2014

I am looking to use this for an admin panel.

session_start.php
    "session_start()"
    "if statement" where it checks if a successful login is given

Is it necessary to include "session_start.php" into the top of each script file?

If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?)

I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways?

I would appreciate the suggestions a lot.

NotionCommotion Posted October 25, 2014

> Is it necessary to include "session_start.php" into the top of each script file?
>
> If I just include "session_start.php" into the top of the "main" file where the other script files are included inside of the "main" as well, then I have it in ways where the other script files could get called up through the URL.(?)
>
> I thought it is a bit too much to include "session_start.php" into each script file. Is there a way where this can be done with more simple ways?

I typically just have one or maybe a couple of entry points:

index.php

    <?php
    // error settings, date settings, etc...
    session_start();
    // based on $_GET['page'], figure out which part of script to run...

glassfish (Author) Posted October 25, 2014

Do you mean, having it kind of like a config?

Can you elaborate on how to avoid that "script files" get run through the URL by "guessing" the name?

Frank_b Posted October 25, 2014 (edited)

I hope I do understand your questions.

First of all, includes in PHP are includes from the server's filesystem. That is to say that you can include PHP files from any directory where you have enough rights to read them. And that means that you can include the files from a place outside your public HTML directories (or web root).

For example, if your web root starts here:

    /var/www/public_html

and your main index.php is here:

    /var/www/public_html/index.php

then you could, for example, make a new directory in the /var/www directory and name it includes. In this new directory you can place your PHP include files, like sessions.php for example. The result would be this:

    /var/www/includes/sessions.php
    /var/www/public_html/index.php

Inside the index.php you could include sessions.php:

    include '/var/www/includes/sessions.php';

But sessions.php is NOT available from outside the server.

Edited October 25, 2014 by Frank_b

glassfish (Author) Posted October 25, 2014

Thanks for the answers.

I guess I may need ".htaccess" to block the access to the other files.

maxxd Posted October 25, 2014

You don't. What Frank_b is suggesting is putting your included scripts above the web root, where the user can't access them anyway. Anything above the /public_html/ directory (in this server set-up, sometimes it's called /www/, sometimes it's /html_docs/) is inaccessible from the internet.

So, by using something like require_once('../includes/IncludedFile.php'); from your /var/user_directory/public_html/index.php script, you'll be accessing /var/user_directory/includes/IncludedFile.php, and can use the functions or class in that script in your display file.

Of course, Frank_b was recommending an absolute server path to the includes directory instead of the relative that I typed.
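
The single entry point and the includes directory above the web root described in this thread, put together as an added example (not code from any poster). The directory layout follows Frank_b's post; the page names, the included file names and the `admin_id` session key are hypothetical.

```php
<?php
declare(strict_types=1);

// /var/www/public_html/index.php: the only script reachable by URL.
// Everything it loads lives in /var/www/includes, outside the web root.
const INCLUDE_DIR = __DIR__ . '/../includes';

// Allow-list: request value => file name. The value of $_GET['page']
// is only ever used as a lookup key, never as part of a path.
const PAGES = [
    'dashboard' => 'dashboard.php',   // hypothetical page scripts
    'users'     => 'users.php',
    'login'     => 'login.php',
];
const PUBLIC_PAGES = ['login'];       // reachable without a login

// Returns [status, target]: 200 + file path, 302 + page name, or 404.
function resolve_page($requested, bool $loggedIn): array
{
    // Arrays (?page[]=x) and unknown names are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return [404, null];
    }
    // The login check happens once, here, for every page.
    if (!$loggedIn && !in_array($requested, PUBLIC_PAGES, true)) {
        return [302, 'login'];
    }
    return [200, INCLUDE_DIR . '/' . PAGES[$requested]];
}

session_start(['cookie_httponly' => true, 'use_strict_mode' => true]);
$loggedIn = !empty($_SESSION['admin_id']);   // assumed to be set by login.php

[$status, $target] = resolve_page($_GET['page'] ?? 'dashboard', $loggedIn);

if ($status === 404) {
    http_response_code(404);
    exit('Not found');
}
if ($status === 302) {
    header('Location: /index.php?page=' . $target);
    exit;
}
require $target;
```

Because the page scripts are never requested directly, none of them needs its own `session_start()` or login check, and guessing a file name in the URL only ever reaches `index.php`.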