about defined('BASEPATH') ?

#1
defined('BASEPATH') OR exit('No direct script access allowed');

What is it, and what is it for? An example would be good ><

thank you
Reply

#2
If your BASEPATH is not defined by index.php, then it will display the "No direct script access allowed" message.

This is to keep un-wanted users out of your folders and files.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#3
"This is to keep un-wanted users out of your folders and files."

You mean it will be difficult for a hacker to hack?
Reply

#4
Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people from getting output from files that are only to be used by the framework, like PHP files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.
Reply

#5
(09-27-2015, 09:38 PM)seasenx6 Wrote: "This is to keep un-wanted users out of your folders and files."

You mean it will be difficult for a hacker to hack?

It's not about hacking, just preventing code from being executed when it's not supposed to be.
Reply

#6
(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people from getting output from files that are only to be used by the framework, like PHP files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.

Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just defining some arbitrary BASEPATH of their own, thereby defeating this line of code.
Reply

#7
(11-07-2017, 03:30 PM)sneakyimp Wrote:
(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people from getting output from files that are only to be used by the framework, like PHP files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.

Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just defining some arbitrary BASEPATH of their own, thereby defeating this line of code.

1) Not all files are controllers or class declarations with no side effects.
2) Unrelated.

Again, it's just a basic sanity check. Nobody should view it as a security measure.
Reply
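
An added example, not part of the thread and not CodeIgniter's own code, showing the behaviour discussed above: a template with side effects leaks an error message (including its filesystem path) when run directly, while the guarded copy exits unless a front controller has defined BASEPATH. The file names and the `front.php` stand-in for index.php are assumptions made for this demo.

```php
<?php
// Added example: constructed files in a temp dir, not CodeIgniter's own code.
$dir = sys_get_temp_dir() . '/basepath_demo_' . getmypid();
mkdir($dir);

// A view-style template with side effects: it produces output as soon as it runs,
// and it expects $username to have been set by whoever loads it.
$body = "<h1>Welcome, <?= \$username ?></h1>\n";
file_put_contents("$dir/unguarded.php", $body);
file_put_contents("$dir/guarded.php",
    "<?php defined('BASEPATH') OR exit('No direct script access allowed'); ?>\n" . $body);

// Hypothetical stand-in for index.php: defines BASEPATH, prepares the data,
// then loads the file named on the command line, as the framework would.
file_put_contents("$dir/front.php",
    "<?php define('BASEPATH', __DIR__ . '/'); \$username = 'alice'; include \$argv[1];\n");

// Run a script in a fresh PHP process so no constants leak between runs.
function run(string ...$args): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' -d display_errors=1';
    foreach ($args as $a) {
        $cmd .= ' ' . escapeshellarg($a);
    }
    return trim((string) shell_exec($cmd . ' 2>&1'));
}

// 1. Direct access without the guard: the undefined-variable warning is shown,
//    and it contains the full path of the file on disk.
echo "direct, unguarded:\n", run("$dir/unguarded.php"), "\n\n";

// 2. Direct access with the guard: BASEPATH is not defined, so the script exits
//    before any template code runs.
echo "direct, guarded:\n", run("$dir/guarded.php"), "\n\n";

// 3. Loaded through the front controller: BASEPATH is defined, the guard passes,
//    and the template renders normally.
echo "via front controller:\n", run("$dir/front.php", "$dir/guarded.php"), "\n";

// Clean up the constructed files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

The guard only checks that the file was reached through the expected entry point; keeping application and system folders outside the web root, or denying access to them in the web server configuration, stops direct requests before PHP runs at all.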

