MakeWebGames

.htaccess or php help needed



Posted

Right, I don't know what to use for this problem I am having.

Basically I have an index.php file which includes data from other files from a folder; all pages in that folder only work by using the index.php file.

What I need to do is block people from directly accessing the files in the folder.

What should I do?

If you don't understand what I mean, here's a pic of what should and shouldn't happen:

prob001.jpg

Guest Anonymous
Posted

Re: .htaccess or php help needed

To block them accessing the file directly add this to the content.php file after the php tag:

if (basename(__FILE__) == basename($_SERVER['PHP_SELF'])){ exit; }
Posted

Re: .htaccess or php help needed

One method of ensuring your files are only accessed when you want them to be, and this would apply to .php files, is:

In the index.php script, define a constant. Something like

define('BLAHFOO', true, true);

 

Then scripts in the subfolder would get this code:

if (!defined('BLAHFOO') ) {die();}

This would be a standard way of locking down scripts, especially in applications that are distributed and forcing the person that installs the application to put one file in the public folder and another file somewhere else makes for a clumsy installation and it's not guaranteed that the user has access to files outside of the public folder.

 

Personally, I use this method because I like my folder/file hierarchy to reflect the actual hierarchy of the scripts in the application. Placing the main script in a folder deeper down in the folder system than the scripts that are included into the main script seems awkward to me. To be sure, it's great for security and I recommend using it. I do put crons out of the public folder. But then again, crons aren't included into the main script, so it fits the hierarchy. :)

 

Ze0n's method looks good on the surface, but has a security vulnerability in that it's possible to fool that code...

 

Don't believe me, try adding a /asdf to the end of the script's url and see if you can't get past that "nifty" bit of basenamage :)
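
Added example, not part of the thread: the guards discussed here, evaluated against constructed `$_SERVER` values for a direct request, a direct request with `/asdf` appended, and an include through index.php. The function names, the `/var/www` paths and the `SCRIPT_FILENAME` comparison are assumptions made for illustration.

```php
<?php
// Added example: constructed $_SERVER values, run with the PHP CLI.

// Check from the first reply: compares file names taken from the URL path.
function basename_guard_blocks(string $file, array $server): bool
{
    return basename($file) === basename($server['PHP_SELF']);
}

// Path-based check (an assumption of this example): compare the filesystem
// path of the script the server executed. On a live server, pass both sides
// through realpath() so symlinked paths still compare equal.
function script_path_guard_blocks(string $file, array $server): bool
{
    return $server['SCRIPT_FILENAME'] === $file;
}

// Constant guard: blocks unless the entry script has defined the constant.
function constant_guard_blocks(string $name): bool
{
    return !defined($name);
}

$guarded = '/var/www/pages/content.php'; // constructed path of the included file

// Constructed requests. PHP_SELF is the script name plus any trailing path info.
$requests = [
    'direct'         => ['/pages/content.php', $guarded, false],
    'direct + /asdf' => ['/pages/content.php/asdf', $guarded, false],
    'via index.php'  => ['/index.php', '/var/www/index.php', true],
];

foreach ($requests as $label => [$self, $script, $throughIndex]) {
    if ($throughIndex) {
        define('BLAHFOO', true); // what index.php does before including the file
    }
    $server = ['PHP_SELF' => $self, 'SCRIPT_FILENAME' => $script];
    printf(
        "%-15s basename: %-6s script path: %-6s constant: %s\n",
        $label,
        basename_guard_blocks($guarded, $server) ? 'block' : 'allow',
        script_path_guard_blocks($guarded, $server) ? 'block' : 'allow',
        constant_guard_blocks('BLAHFOO') ? 'block' : 'allow'
    );
}
```

The second row is the case raised in the post above: the basename check lets the request through because `basename()` of the URL path returns `asdf`, while the other two checks still block it.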

Posted

Re: .htaccess or php help needed

hmmm, Floydian your idea wouldn't work on a globals.php... just wondering would there be anything strictly wrong with using

$page = explode('/', $_SERVER['PHP_SELF']);
if (basename(__FILE__) == basename($page[1])){ echo 'Direct access is denied to this file'; exit; }

It works and stops people doing filename.php/blahsavaf

Posted

Re: .htaccess or php help needed

 

hmmm, Floydian your idea wouldn't work on a globals.php... just wondering would there be anything strictly wrong with using

 

$page = explode('/', $_SERVER['PHP_SELF']);
if (basename(__FILE__) == basename($page[1])){ echo 'Direct access is denied to this file'; exit; }

 

It works and stops people doing filename.php/blahsavaf

Well, I'm not using this for the mccode game engine, I'm going to use it in my own game engine, which I won't be releasing.

Posted

Re: .htaccess or php help needed

iamwicked, you're off on a tangent here. The topic is about using an index.php page which includes other files into it.

For instance:

// the attack page

index.php?page=attack

// the inventory page

index.php?page=inventory

The reason what I said wouldn't work on mccodes is because all the pages are accessed directly in the first place.

Now, making sure no one accesses globals.php is probably pointless since globals.php appears on the second line of most mccodes scripts and would simply result in an empty page.

Posted

Re: .htaccess or php help needed

The above script denies direct access to globals.php. Some mods can be abused if access to globals is allowed.

  • 3 months later...
Posted

Re: .htaccess or php help needed

A slight edit to OperationJarhead's method..

if (realpath($_SERVER['SCRIPT_FILENAME']) == __FILE__) { exit; } // compare filesystem paths; PHP_SELF is a URL path and never equals __FILE__

 

You could also rename the included files to filename.inc.php then add the following code into an .htaccess file.

<Files ~ "\.inc\.php$">
Order Allow,Deny
Deny from All
</Files>
Posted

Re: .htaccess or php help needed

 

One method of ensuring your files are only accessed when you want them to be, and this would apply to .php files, is:

In the index.php script, define a constant. Something like

define('BLAHFOO', true, true);

 

Then scripts in the subfolder would get this code:

if (!defined('BLAHFOO') ) {die();}

This would be a standard way of locking down scripts, especially in applications that are distributed and forcing the person that installs the application to put one file in the public folder and another file somewhere else makes for a clumsy installation and it's not guaranteed that the user has access to files outside of the public folder.

 

Personally, I use this method because I like my folder/file hierarchy to reflect the actual hierarchy of the scripts in the application. Placing the main script in a folder deeper down in the folder system than the scripts that are included into the main script seems awkward to me. To be sure, it's great for security and I recommend using it. I do put crons out of the public folder. But then again, crons aren't included into the main script, so it fits the hierarchy. :)

 

Ze0n's method looks good on the surface, but has a security vulnerability in that it's possible to fool that code...

 

Don't believe me, try adding a /asdf to the end of the script's url and see if you can't get past that "nifty" bit of basenamage :)

Or you could do

define('Something') or die('Get out of here!');
Posted

Re: .htaccess or php help needed

 

Or you could do

define('Something') or die('Get out of here!');

 

Don't you mean

 

if(!defined('Something')) die('Get out here!');

 

Or you could do

define('Something') or die('Get out of here!');

 

Don't you mean

 

if(!defined('Something')) die('Get out here!');

 

No.

Posted

Re: .htaccess or php help needed

 

Or you could do

define('Something') or die('Get out of here!');

 

Don't you mean

 

if(!defined('Something')) die('Get out here!');

 

No.

Haunted Dawg's method is correct.

So yes, you do mean that..

Posted

Re: .htaccess or php help needed

 

Or you could do

define('Something') or die('Get out of here!');

 

Don't you mean

 

if(!defined('Something')) die('Get out here!');

 

No.

Haunted Dawg's method is correct.

So yes, you do mean that..

defined('Something') or die('Get out of here!');

I forgot the 'd', that's all; that is what I meant!^

Posted

Re: .htaccess or php help needed

 

You should maybe do some testing..

I don't need to..

First put

defined('something') or die('Error');
echo 'hi';

^It will say error.

define('something', true);

^Now put that before^

defined('something') or die('Error');
Posted

Re: .htaccess or php help needed

lol ok, I don't think you understood what I said, I got it sorted.... problem fixed, but really glad people helped out

  • 4 months later...
