July 20 2013

Protect PHP class file that must be include

Tagged Under : ,

php
Here we describe how we can protect our class file that calling with include function, but it was not secure and its have big risk. For the solution if we can make the file cannot execute or calling when it not include by PHP file.

Why we need it? because when someone try calling http://localhost/module/foo.class.php it will be successful and maybe some accident will happen here.

if( basename( __FILE__ ) == basename( $_SERVER['PHP_SELF'] ) ) exit();

Add above script to PHP class. It will stop process when it not included by PHP.
if( basename( __FILE__ ) == basename( $_SERVER['PHP_SELF'] ) ) exit();

class foo {
	public function property() {
		return 'delivery';
	}
}

Make a Comment

You must be logged in to post a comment.