+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Model-View-Controller (https://forum.codeigniter.com/forumdisplay.php?fid=10)
+--- Thread: defined('BASEPATH') OR exit('No direct script access allowed'); (/showthread.php?tid=71955)
defined('BASEPATH') OR exit('No direct script access allowed'); - imabot - 10-17-2018
Should the following line be added in
- controllers ?
- and/or models ?
- and/or views ?
PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed');
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - dave friend - 10-17-2018
The line exists to make sure the file is being used in a CodeIgniter environment. So I'd say the answer is it goes in any file where that is true. Controllers, Models and most other files that define a "class" would probably fit that description. Perhaps in views if they use CI classes, otherwise it's not necessary.
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - imabot - 10-17-2018
(10-17-2018, 12:22 PM)dave friend Wrote: The line exists to make sure the file is being used in a CodeIgniter environment. So I'd say the answer is it goes in any file where that is true. Controllers, Models and most other files that define a "class" would probably fit that description. Perhaps in views if they use CI classes, otherwise it's not necessary.
Perfect answer, that's clear, thank you.
I'm still wondering why this line is mandatory. I don't see any security breach if the line is not added.
How could a malicious user access to something ? PHP script will return an empty page and classes or functions can't be called from an external website. Am I missing something ?
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - Piotr - 10-17-2018
If you call $this->load->model('xmodel') outside CI environment you gonna get some errors.
This line check if your script is executed in CI "context". If not this stops execution of script.
There will be no code in this file executed after that.
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - dave friend - 10-17-2018
It's called "security" by some and not by others. Maybe the best description is "It's a sanity check" for those unfamiliar with CI and for newbies.
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - Gurutechnolabs - 10-18-2018
defined('BASEPATH') OR exit('No direct script access allowed');
i am using it in controllers file.
RE: defined('BASEPATH') OR exit('No direct script access allowed'); - InsiteFX - 10-18-2018
I make it a habit to copy it to all of the folders I add to my applications.
For Sanity sake.