RE: [PHP] Making your include files invisible (header() in if loop)
Or even better put them outside your www root. > -Original Message- > From: Erik Price [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 01, 2002 4:19 PM > To: qartis > Cc: [EMAIL PROTECTED] > Subject: Re: [PHP] Making your include files invisible (header() in if > loop) > > > > On Thursday, January 31, 2002, at 11:50 PM, qartis wrote: > > > I wanted to hide the existance of my include files by making them > > 'invisible': give a 404 error when requested. This worked, > but the files > > that were including were obviously 404ing too. So I decided to use > > $PHP_SELF > > and check whether the script's PHP_SELF was it's filename, > which would > > mean > > that it was being accessed directly, as opposed to being included. > > Just don't name any of your real files "include"! If you > have access to > your web server, you can easily set a directive in httpd.conf > (assuming > you're using Apache) to deny any file serve request with the > following > line: > > > Order allow,deny > Deny from all > > > > > Erik > > > > > Erik Price > Web Developer Temp > Media Lab, H.H. Brown > [EMAIL PROTECTED] > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: > [EMAIL PROTECTED] > The information contained in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, production, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. The content of the email is not legally binding unless confirmed by letter bearing two authorized signatures. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Making your include files invisible (header() in if loop)
On Thursday, January 31, 2002, at 11:50 PM, qartis wrote: > I wanted to hide the existance of my include files by making them > 'invisible': give a 404 error when requested. This worked, but the files > that were including were obviously 404ing too. So I decided to use > $PHP_SELF > and check whether the script's PHP_SELF was it's filename, which would > mean > that it was being accessed directly, as opposed to being included. Just don't name any of your real files "include"! If you have access to your web server, you can easily set a directive in httpd.conf (assuming you're using Apache) to deny any file serve request with the following line: Order allow,deny Deny from all Erik Erik Price Web Developer Temp Media Lab, H.H. Brown [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Making your include files invisible (header() in if loop)
I don't know if this is related but header() must be called before any actual output is sent. One way to resolve this is to use the ob_start() tag at the start of the code, this turns output buffering on. Mind you I am no expert and stand ready to be corected and berated. Peter I wanted to hide the existance of my include files by making them 'invisible': give a 404 error when requested. This worked, but the files that were including were obviously 404ing too. So I decided to use $PHP_SELF and check whether the script's PHP_SELF was it's filename, which would mean that it was being accessed directly, as opposed to being included. I tried this code: (include.php) at the top of the include files, but it wasn't working. Change the header() to an echo and test it. It echoed. So it's a problem with the header(). I tried this: and it worked perfectly. Can header() not be in an if loop or something like that? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
