CodeIgniter Forums
about defined('BASEPATH') ? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: about defined('BASEPATH') ? (/thread-63111.html)



about defined('BASEPATH') ? - seasenx6 - 09-27-2015

defined('BASEPATH') OR exit('No direct script access allowed');

What is it ? and For What ? have Example is good ><

thank you


RE: about defined('BASEPATH') ? - InsiteFX - 09-27-2015

If your BASEPATH is not defined by index.php then it will display the No direct script access allowed.

This is to keep un-wanted users out of your folders and files.


RE: about defined('BASEPATH') ? - seasenx6 - 09-27-2015

"This is to keep un-wanted users out of your folders and files."

you mean hacker will hack is difficult ?


RE: about defined('BASEPATH') ? - RogerMore - 09-28-2015

Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders. 

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.


RE: about defined('BASEPATH') ? - Narf - 09-28-2015

(09-27-2015, 09:38 PM)seasenx6 Wrote: "This is to keep un-wanted users out of your folders and files."

you mean hacker will hack is difficult ?

It's not about hacking, just preventing code to be executed when it's not supposed to.


RE: about defined('BASEPATH') ? - sneakyimp - 11-07-2017

(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders. 

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.
Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just definining some arbitrary BASEPATH of their own, thereby defeating this line of code.


RE: about defined('BASEPATH') ? - Narf - 11-08-2017

(11-07-2017, 03:30 PM)sneakyimp Wrote:
(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders. 

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.
Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just definining some arbitrary BASEPATH of their own, thereby defeating this line of code.

1) Not all files are controllers or class declarations with no side effects.
2) Unrelated.

Again, it's just a basic sanity check. Nobody should view it as a security measure.