I didn't read the first parts of this thread, but the reason for it working in the first example and not the second is because the web server/php engine processes php files when they're called over HTTP. This means that the define() call is being executed, but your primary script only includes what is sent through output. Since there is no output, there is no value to include.

You can include("/path/to/local/dir/file.php") and it'll simply include the source code, not the processed output. But anything being called via HTTP will be processed as if you were viewing that file from a web browser.

/* Chris Lambert, CTO - [EMAIL PROTECTED]
WhiteCrown Networks - More Than White Hats
Web Application Security - www.whitecrown.net */

----- Original Message -----
From: Thomas David Kehoe <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 10, 2001 2:37 PM
Subject: Re: [PHP] how to hide dbconnect file if its in publisheddirectory?

| The suggestion to use the ".php" extension instead of the ".inc" extension
| doesn't work.
|
| I created two identical files, swordfish.php and swordfish.inc, containing
| the following script:
|
| <?php
| define("PASSWORD", "swordfish");
| ?>
|
| When I use the following lines
|
| include ('http://www.friendshipcenter.com/Objects/swordfish.inc');
| echo "Your password is ", PASSWORD;
|
| it works, i.e., prints "Your password is swordfish."
|
| When I use the following lines
|
| include ('http://www.friendshipcenter.com/Objects/swordfish.php');
| echo "Your password is ", PASSWORD;
|
| it doesn't work, i.e., prints "Your password is PASSWORD."
|
| I tried putting swordfish.inc in my "cgi-bin" directory, which is outside my
| "www" directory. I can't figure out what pathname to call it with. I.e.,
|
| include ('cgi-bin/swordfish.inc');
|
| can't find the file.
|
| As I wrote earlier, my .inc files can be read by anyone typing in the URL.
| It doesn't matter if there are <?php ?> lines. .inc files don't execute.
|
| I rent server space from phpwebhosting.com, so I can't change the PHP
| settings.
|
| Any other ideas how to hide a password file?
| --
| Thomas David Kehoe, author of
| "THE EVOLUTION OF INTIMATE RELATIONSHIPS"
| How Our Brains Are Hardwired For Relationships
| http://www.FriendshipCenter.com/TEIR/
|
|
| --
| PHP General Mailing List (http://www.php.net/)
| To unsubscribe, e-mail: [EMAIL PROTECTED]
| For additional commands, e-mail: [EMAIL PROTECTED]
| To contact the list administrators, e-mail: [EMAIL PROTECTED]
|
|

Re: [PHP] how to hide dbconnect file if its in publisheddirectory?
Chris Lambert - WhiteCrown Networks Tue, 10 Jul 2001 11:16:34 -0700
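
Added example, not part of the original message or the thread: a sketch of the local-path include described in the reply, with the secrets file kept outside the web root and resolved to an absolute path before it is included. The directory layout, the file name dbconnect.php, the constant DB_PASSWORD and the helper load_private() are all assumptions made for the illustration.

```php
<?php
// Added example with a constructed layout (names are not from the thread):
//   <base>/www/index.php          inside the web root, reachable by URL
//   <base>/private/dbconnect.php  outside the web root, no URL maps to it
$base = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir("$base/www", 0700, true);
mkdir("$base/private", 0700, true);
touch("$base/www/index.php");
// Constructed secrets file: defines a constant and prints nothing.
file_put_contents("$base/private/dbconnect.php",
    "<?php\ndefine('DB_PASSWORD', 'example-only');\n");

/**
 * Include a file by local filesystem path, refusing anything that does not
 * resolve to a file inside $privateDir. Returns what the file printed.
 */
function load_private(string $privateDir, string $name): string
{
    $dir  = realpath($privateDir);
    $file = realpath($privateDir . '/' . $name);
    if ($dir === false || $file === false
        || strncmp($file, $dir . DIRECTORY_SEPARATOR, strlen($dir) + 1) !== 0) {
        throw new RuntimeException("refusing to include: $name");
    }
    ob_start();
    require_once $file;          // runs in this process; define() takes effect
    return (string) ob_get_clean();
}

// In a real index.php, $wwwDir would be __DIR__.
$wwwDir = "$base/www";
$printed = load_private("$wwwDir/../private", 'dbconnect.php');

// What the file prints is all an include() over HTTP would receive;
// the constant only exists because the file ran locally.
echo 'bytes printed by dbconnect.php: ', strlen($printed), "\n";
echo 'DB_PASSWORD defined: ', defined('DB_PASSWORD') ? 'yes' : 'no', "\n";

// A name that climbs out of the private directory is rejected.
try {
    load_private("$wwwDir/../private", '../www/index.php');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}

// Remove the constructed files.
array_map('unlink', ["$base/www/index.php", "$base/private/dbconnect.php"]);
array_map('rmdir', ["$base/www", "$base/private", $base]);
```

Building the path from the including script's own directory avoids the lookup failure that a bare relative path such as 'cgi-bin/swordfish.inc' runs into, because it no longer depends on the include_path or the current working directory.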