[SOLVED] Securing my include files

[drakal30]

What is a simple but effective way to make it so my include files can only be executed from a page on my website.  I do not have access to the php.ini file so I cannot secure it that way.  Basically my layout is /root_web and /root_web/includes/

 

 

I want to make it so that a person could just goto /root_web/includes/some_file, I want the files to be only access by files already in /root_web.

 

Thanks in advance.

[rlindauer]

You can include a line of code at the top of the includes that checks for a constant that is only defined by the page that includes them.

 

include1.php:

<?php 
if (!defined('IN_SITE')) die("Direct access is not allowed"); 
?>

 

Then in your index.php or whatever page is requested, you define IN_SITE.

<?php

define('IN_SITE', true);

// include files
?>

 

[teng84]

try adding an index page on that dir so when they access that your index is what they will see

[phpSensei]

try adding an index page on that dir so when they access that your index is what they will see

 

OMG, haha, I thought i was the only one in the world that did that.

[drakal30]

Thanks all, yeah I have an index file in my include directory that stops browsing, but the if (!defined('IN_SITE')) die("Direct access is not allowed");  was definately what I was looking for THANKS!

[wsantos]

try adding an index page on that dir so when they access that your index is what they will see

 

OMG, haha, I thought i was the only one in the world that did that.

 

That makes three of us...