I've just got in to using includes - wow - what a time saver. Found this code snippet that works to protect your include files. You just redirect any one trying to access your includes files to a URL of your choice.
menu.php will see that IN_VALID has been defined and allow access, however try to directly access it, IN_VALID does not get defined and refuses access showing them 'Error: This File Cannot Be Accessed Directly'
you can change VALID to anything you want, so you could change it to IN_AUTH or IN_SECURITY etc and it'll still work. nobody will ever know what needs to be defined in able to gain access and proves this to be the ultimate in php file security
//Place This At The Begging Of The File Your Going To Include:
PHP Code:
<?php if ( !defined('IN_VALID') ) { die("<Center><B>Error: This File Cannot Be Accessed Directly</B><BR>To Return To The Main Site <a href=\"#\">Click Here</a></Center>"); } ?>
For example; say the file with the above code is now in is called menu.php, we have to specify IN_VALID so you can include it:
PHP Code:
<?php define('IN_VALID', true); include("menu.php"); ?>
Tested and working.
Hope it's useful
Chris
Linear Mode
