"if (self == top)" php equivalent or alternative?

[Rhialto]

I want to load a second page from index.php and for that I use "include second page" in it.

 

Then on the second page I wanted to use the well known JS "if (self == top)" in the beginning so if someone wanted to load that second page directly it would be redirected to index.php first but it's not working because when the index.php execute the include it triggers the JS.

 

Anyone have a solution for that?

 

Thanks

[Rhialto]

I'm doing my homework by searching around and yet I found a few solutions but I don't know which one to use so advices are welcome.

 

<?php 
if (eregi("INCLUDE_FILE", $_SERVER['PHP_SELF'])) {  
header('Location: index.php');
} 
?>

or

 

<?php 
if ($_SERVER['SCRIPT_FILENAME'] == '<path to php include file>') { 
    header('Location: index.php');
} 
?> 

 

Another idea is to check for a constant defined in index.php:

 

<?php 
if(!defined('IndexRead'){header('Location: index.php');} 
?>

 

Which one is the recommended one and why?

 

Thanks

[Pawn]

I've always just checked for any variable set by the including script. I'm sure the methods you've posted would work, but none are as simple as

 

// index.php

$included = TRUE;
include "file.php";

// file.php

if(!isset($included)) {
    header("Location: index.php");
    exit;
}

[Rhialto]

Thank you for your answer.

 

I've read it's not safe to use when register_globals is on.  The constant would be a similar and better option?

 

That's the one I'm currently playing with ans it works great but now I must debug elsewhere...  the joy of coding! 

[Pawn]

Why would you ever have register globals on? If you're interested in best practice, start by turning it off and leaving it off.

[ngreenwood6]

The defined constant is the best option that you have listed. You could also store it in a session variable if you wanted to. Store the session variable in index.php and clear it in the file.php so when you navigate to another page the variable is clear again to get set again. I would not use the eregi funcion as it is deprecated in 5.3.0 http://us.php.net/manual/en/function.eregi.php

[Pawn]

Why on earth would you use a session variable, or bother defining a constant? There's nothing wrong with a plain ol' $var.

[PFMaBiSmAd]

// detect direct access to included/required fileif(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){   exit('No Direct Access');}

 

[Rhialto]

Why would you ever have register globals on? If you're interested in best practice, start by turning it off and leaving it off.

 

Did I say it was on?  If anyone else was reading I wanted to let them know your solution could be problematic if it was on. 

[ngreenwood6]

I like PFMaBiSmAd's solution as it seems the best. Can't believe I didnt think of that but that is probaly the best solution.

 

@pawn - the problem with that is if another variable is named that or a global is using that variable name it will take precedence over the one that you used.

[Rhialto]

 

// detect direct access to included/required fileif(strtolower(basename($_SERVER["SCRIPT_NAME"])) == strtolower(basename(__FILE__))){   header("Location: index.php");}

 

 

With over 10K posts and tagged recommended, should I assume you are giving us the best solution?