Jump to content

Protecting class/include files


criostage

Recommended Posts

I been wondering how to protect all the files that contain classes, functions and forms in php to prevent direct access to something that the user shouldnt be able to without the proper check's (typing http://server/inc/login.php insteand of http://server/), and i came to this small idea of checking if an object is set or not but i m wondering if this is really the best idea here's what i have (the case bellow will protect an login form to be accessed directly):

 

<?php
    if(!isset($mysqlobj)) die();
    if( isset( $_POST['username'] ) && isset( $_POST['password'] ) ){
        $login = authentication::login( $_POST['username'], $_POST['password'] );
        if( $login == true ){
            header( 'location:?go=home' );
        }else{
            $_SESSION['message'] = 'loginfailed';
            header( 'location:?go=login' );
        }
    }else{
      if( !empty($_SESSION['logged'] ) && $_SESSION['logged'] == true ){
          header( 'location:?go=home' );
      }else{
          ?>
            <div id="loginform">
                <form action="?go=login" method="post">
                    <table align="center">
                        <tr>
                            <td><font size="2">Username</font></td>
                            <td><input type="text" name="username" /></td>
                        </tr>
                        <tr>
                            <td><font size="2">Password</font></td>
                            <td><input type="password" name="password" /></td>
                        </tr>
                        <tr>
                            <td colspan="2" align="center"><input type="submit" value="Login" /></td>
                        </tr>
                    </table>
                </form>
                </div>               
          <?php
      }   
    }
?>

 

Just looking for an "best practice" i tried google for it but i couldnt get to an straight awnser any enlightment is appreciated.

Link to comment
Share on other sites

You can place them outside the web root and you can include a check at the beginning of each file that dies if the URL points to that file directly.

 

Note, however, that if someone navigates directly to your class file nothing will happen.  The class will be parsed and they'll see a white screen.

 

-Dan

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.