[SOLVED] If not included "oh heck no!"

[robindean]

how do I insure that a document that is intended to be "included" by another document isn't accessed directly?

 

Better still, how do I make the included document say "if I'm not included by the intended parent, print('');"

[Orio]

Two ways I used in the past:

 

1) If it's not a php file, place the file in a directory that has a .htaccess that contains the line:

Deny from all

 

2) Do it this way (this is for including php files):

<?php
//this is includer.php -> The file that includes the other file

$include = 1;
include("included-file.php");
?>

<?php
//this is included-file.php -> The file being included

if(!isset($include)) die("No direct access!");
else
{
//...
}

?>

 

 

Orio.

[artacus]

Check $_SERVER['SCRIPT_NAME'] it will be different when called directly and when included.

[per1os]

You can do a variable check and just make sure that the variable is what was intended IE:

 

file to be included
<?php
if (isset($_POST['varCheck']) || isset($_GET['varCheck'])) {
    die('You should not be here'); // prevent people from hacking their way in via post and get.
}elseif ($varCheck == "someString") {
   print "display this data.";
}else {
   die('you should not be here');
}

?>

 

file that includes the file
<?php
$varCheck = "someString";
include('fileinclude.php');
?>

 

--FrosT

[robindean]

Thanks all. I'll giver 'er a go in about an hour.

 

For some reason I'm not receiving notification via email. What is the FROM address for response notifications?