Prevent loading of php pages

**Paul Herber** · Apr 26 '06, 11:05 PM

Re: Prevent loading of php pages

On Wed, 26 Apr 2006 23:53:13 +0200, "Garry Jones"
<garry.jones@mo rack.se> wrote:
[color=blue]
>I have a website consisting of php segments.
>
>Example
>page1.html calls in code from seg1.php and seg2.php
>
>If the user goes directly to www.mydomain.com/seg1.php they see everything
>visible to a browser on that page.
>
>Can I prevent users from loading individual php segments. The only time that
>seg1.php should be visible is in its original context on page1.html[/color]

Would anyone ever guess that files by that name existed?
Call them seg1_56rt568.ph p and seg2_56rt569.ph p

--
Regards, Paul Herber, Sandrila Ltd. http://www.pherber.com/
Electronics for Visio http://www.electronics.sandrila.co.uk/

**Chung Leong** · Apr 26 '06, 11:25 PM

Re: Prevent loading of php pages

Something like this at the top of the include file would work:

count(get_inclu ded_files()) > 1 or die();

But really, including files in lieu of calling functions is kind of
lame.

**Dana Cartwright** · Apr 27 '06, 01:25 AM

Re: Prevent loading of php pages

>I have a website consisting of php segments.[color=blue]
>
> Example
> page1.html calls in code from seg1.php and seg2.php
>
> If the user goes directly to www.mydomain.com/seg1.php they see everything
> visible to a browser on that page.
>
> Can I prevent users from loading individual php segments. The only time
> that seg1.php should be visible is in its original context on page1.html
>[/color]

The way Joomla and Mambo handle this is as follows:

In page1.php (surely you meant .php, not .html?) you do this right at the
top:

define( 'MAIN_PAGE_LOAD ED', TRUE );

Then, in "seg1" and "seg2" you do this, again right at the top:

defined( 'MAIN_PAGE_LOAD ED' ) or die ( 'This page is restricted' );

So, you prevent 'seg1' and 'seg2' from being directly loaded by the user.
They can only be used as include files in 'page1'.

Seems like a simple and effective solution.

-Dana

**Jerry Stuckle** · Apr 27 '06, 04:15 AM

Re: Prevent loading of php pages

Garry Jones wrote:[color=blue]
> I have a website consisting of php segments.
>
> Example
> page1.html calls in code from seg1.php and seg2.php
>
> If the user goes directly to www.mydomain.com/seg1.php they see everything
> visible to a browser on that page.
>
> Can I prevent users from loading individual php segments. The only time that
> seg1.php should be visible is in its original context on page1.html
>
> Garry Jones
> Sweden
>
>
>[/color]

Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
directly by a browser.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Garry Jones** · Apr 27 '06, 08:45 AM

Re: Prevent loading of php pages

"Jerry Stuckle" <jstucklex@attg lobal.net> skrev i meddelandet
news:eIOdnRkcYd 5i3c3ZRVn-gA@comcast.com. ..
[color=blue]
> Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
> directly by a browser.[/color]

How do I do that?

(Excuse the newbie follow up question. I searched around in Google but can't
quite grasp this).

Thanks to you and all others who answer my questions here, I am enlightened.

Garry Jones
Sweden

**Garry Jones** · Apr 27 '06, 09:35 AM

Re: Prevent loading of php pages

"Dana Cartwright" <danapub2@weave maker.com> skrev i meddelandet
news:nRU3g.1548 $Gg.1009@twiste r.nyroc.rr.com. ..
[color=blue]
> defined( 'MAIN_PAGE_LOAD ED' ) or die ( 'This page is restricted' );[/color]

Thanks for your answer.

Instead of 'This page is restricted' can I have a weblink for them to click
or even an auto redirect to the my index page?

Garry Jones
Sweden

**Jerry Stuckle** · Apr 27 '06, 12:35 PM

Re: Prevent loading of php pages

Garry Jones wrote:[color=blue]
> "Jerry Stuckle" <jstucklex@attg lobal.net> skrev i meddelandet
> news:eIOdnRkcYd 5i3c3ZRVn-gA@comcast.com. ..
>
>[color=green]
>>Simply put them outside of your DOCUMENT_ROOT where they can't be accessed
>>directly by a browser.[/color]
>
>
> How do I do that?
>
> (Excuse the newbie follow up question. I searched around in Google but can't
> quite grasp this).
>
> Thanks to you and all others who answer my questions here, I am enlightened.
>
> Garry Jones
> Sweden
>
>
>[/color]

The document root id the root directory of your website. But it is not the root
directory of your machine. For instance, your document root might be
"/var/www/website1/html".

When you upload them, put them in a directory below the root of your website,
i.e. "/var/www/website1/myfiles". You can then include this page in your
other PHP pages with something like (assuming Apache):

include($_SERVE R['DOCUMENT_ROOT'] . '/../myfiles/my.inc.php');

Anyone accessing a page through http protocol can only access those files in
your web root. But PHP accesses the file system directly, so it can access any
file on the system (assuming the appropriate permissions are set).

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Prevent loading of php pages

Prevent loading of php pages

Comment

Comment

Comment

Comment

Comment

Comment

Comment