On Sat, 16 Oct 2004 22:04:33 -0400, Gh <[EMAIL PROTECTED]> wrote:
Your right, this is not what I was expecting, I was thinking there was another way... Sounds good.. but any other suggestions?
On Sat, 16 Oct 2004 21:40:56 -0400, Minuk Choi <[EMAIL PROTECTED]> wrote:well, this is probably not what you were expecting... but you can try this
admin_template.php -- $parent = true; include('important.php'); --
important.php -- if (!isset($parent) || !$parent) exit();
//important stuff here. --
Of course, this only works assuming that the would-be hacker doesn't know
HOW you are authenticating the file. If you are going to try this method,
mix it up, use a rather unique variable name and or use a value that is hard
to guess.
-Minuk
----- Original Message ----- From: "GH" <[EMAIL PROTECTED]> To: "PHP General" <[EMAIL PROTECTED]> Sent: Saturday, October 16, 2004 9:15 PM Subject: [PHP] Is there a way to...
> Is there a way to make sure that a page is only loaded via a > > require or include statement? or other type of SSI? > > I would like to make sure that a 'parent document' (namely > admin_template.php) only calls the php file? > > Thanks >
I often do it this way:
main.php:
<? define('MyScript', '1.0'); include('file.php'); ?>
file.php: <? if (!defined('MyScript')) die("Access denite"); ?>
To hack this, the attacker needs filesystem access to your script - an if this happens, that should be your smallest problem...
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php