[Phplogcon-dev] not allow certain files to be access
Brian Shea
bgshea at gmail.com
Wed Dec 7 06:35:50 CET 2005
Michael, here is the code section that will disallow access to php files
from the URL.
It basically looks at the file name in the $_SERVER[script_name] to see if
it mathces itself.
// BGS -- do not allow access from URL
$filename = substr(__FILE__, strrpos( __FILE__, "/" ));
$requestname = substr($_SERVER['SCRIPT_NAME'], strrpos(
$_SERVER['SCRIPT_NAME'], "/" ));
if( $filename == $requestname )
{
session_unset();
header("Location: ../index.php");
exit;
}
// BGS end
On 12/6/05, Brian Shea <bgshea at gmail.com> wrote:
>
> The code is just below the GNU license marked with
>
> // BGS --
>
> // BGS end
>
> the first section is the trailing '/' (slash) removal, the second section
> is the diss allow. I dont have the code in front of me to look at.
>
>
> On 12/6/05, Michael Meckelein <mmeckelein at hq.adiscon.com> wrote:
> >
> > Hi Brian,
> >
> > I need your help. Please can you point me to where I can find the
> > following modification?
> >
> > > added php code to not allow certain files to be access by the
> > > URL!!! esp. include.php and config.php
> >
> > Thank you.
> >
> > Best regards,
> > Michael
> > _______________________________________________
> > Phplogcon-dev mailing list
> > http://lists.adiscon.net/mailman/listinfo/phplogcon-dev
> >
>
>
More information about the Phplogcon-dev
mailing list