
Hey guys,
Here with a quick tutorial. Something I found particularly useful over the years.
Ever found yourself being hacked because people can access your script’s core files? I know my scripts used to be vulnerable. There’s a way to avoid this though. Basically you want to put a one-liner of code at the top of every private file, and then at the top of every public file, you define a constant. Here’s what I did to solve this.
This goes at the top of every private file.
    if(!defined('BASEPATH')) die('No direct access allowed!');
This checks whether BASEPATH has been defined. When the file is requested directly it hasn’t been defined yet, and this file never defines it, so the check is always true: the script exits and prints “No direct access allowed!”. You’ve probably already figured out the next step.
If you assumed that you need to define the BASEPATH constant on the public file, you are correct.
This will allow the public file to access the private file, but not the user viewing the public file. Here’s what you put on the public file.
    define('BASEPATH',realpath('.'));
NOTE: You must define this constant before everything else. If you are requiring or including a file that needs to have that constant, it needs to be defined before you include that file. Otherwise it will return “No direct access allowed!” even on the public file, ultimately shutting down that page.
Also, it is good practice to put an index.html file in every directory that doesn’t have an index.php or index.html file. This will keep people from getting a directory and file tree.
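To check that the steps above were applied everywhere, the following audit script is an added example, not code from the original post. It reports which PHP files start with the guard, which define BASEPATH (and whether that happens before the first include), and which directories have no index file; the function names, status labels and sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Skips "<?php" and leading comments, so the guard must be the first statement.
PROLOGUE = re.compile(r"\A\s*<\?php\s*(?:(?://|#)[^\n]*\s*|/\*.*?\*/\s*)*", re.S)
# The tutorial's guard, if(!defined('BASEPATH')) die(...), and its define('BASEPATH', ...).
GUARD = re.compile(r"if\s*\(\s*!\s*defined\s*\(\s*['\"]BASEPATH['\"]\s*\)\s*\)\s*(?:die|exit)\b")
DEFINE = re.compile(r"\bdefine\s*\(\s*['\"]BASEPATH['\"]")
INCLUDE = re.compile(r"\b(?:require|include)(?:_once)?\b")

def classify(source):
    """Return 'guarded', 'public', 'late-define' or 'unprotected' for one PHP file."""
    prologue = PROLOGUE.match(source)
    if prologue and GUARD.match(source, prologue.end()):
        return "guarded"
    define = DEFINE.search(source)
    if not define:
        return "unprotected"
    include = INCLUDE.search(source)
    # The NOTE above: BASEPATH must be defined before the first include/require.
    return "late-define" if include and include.start() < define.start() else "public"

def audit(root):
    """Classify every .php file under root and list directories with no index file."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): classify(p.read_text(errors="replace"))
             for p in sorted(root.rglob("*.php"))}
    dirs = [root] + sorted(d for d in root.rglob("*") if d.is_dir())
    no_index = [d.relative_to(root).as_posix() for d in dirs
                if not any((d / n).is_file() for n in ("index.php", "index.html"))]
    return files, no_index

def demo():
    sample = {  # constructed sample files, not from the original post
        "index.php": "<?php\ndefine('BASEPATH',realpath('.'));\nrequire 'core/db.php';\n",
        "late.php": "<?php\nrequire 'core/db.php';\ndefine('BASEPATH',realpath('.'));\n",
        "core/db.php": "<?php\n// helpers\nif(!defined('BASEPATH')) die('No direct access allowed!');\n",
        "core/mail.php": "<?php\nfunction send_mail() {}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in sample.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
        return audit(tmp)

if __name__ == "__main__":
    print(demo())
```

Any file reported as `unprotected` is one that runs when requested directly, and `late-define` marks a public file that would hit the “No direct access allowed!” exit described in the NOTE.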
Thanks for reading, Izikeo
