Login

seasenx6 · 09-27-2015, 07:54 PM

defined('BASEPATH') OR exit('No direct script access allowed');

What is it ? and For What ? have Example is good ><

thank you

InsiteFX · 09-27-2015, 09:01 PM

If your BASEPATH is not defined by index.php then it will display the No direct script access allowed.

This is to keep un-wanted users out of your folders and files.

seasenx6 · (This post was last modified: 09-27-2015, 09:38 PM by seasenx6.)

"This is to keep un-wanted users out of your folders and files."

you mean hacker will hack is difficult ?

RogerMore · 09-28-2015, 02:30 AM

Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.

***Narf*** · 09-28-2015, 02:40 AM

(09-27-2015, 09:38 PM)seasenx6 Wrote: "This is to keep un-wanted users out of your folders and files."

you mean hacker will hack is difficult ?

It's not about hacking, just preventing code to be executed when it's not supposed to.

sneakyimp · 11-07-2017, 03:30 PM

(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.

Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just definining some arbitrary BASEPATH of their own, thereby defeating this line of code.

***Narf*** · 11-08-2017, 03:19 AM

(11-07-2017, 03:30 PM)sneakyimp Wrote:
(09-28-2015, 02:30 AM)RogerMore Wrote: Normally every php file can be run which can reveal parts of your site or cause other unwanted output like error messages if that file isn't meant to be run from the web.

The line with BASEPATH prevents naughty people to get output from files that are only to be used by the framework like php files in your model and views folders.

Beware, this doesn't mean it makes your site unhackable!! It just maybe prevents some people from getting easy useful information which can be used for hacking your site.
Does this line really offer any meaningful protection, though?
1) I've yet to see a controller that does anything other than just define a class. Accessing such a file directly would define the class but absolutely nothing else.
2) If the user is able to inject some PHP file of their own to include/require these files, then nothing will stop them from just definining some arbitrary BASEPATH of their own, thereby defeating this line of code.

1) Not all files are controllers or class declarations with no side effects.
2) Unrelated.

Again, it's just a basic sanity check. Nobody should view it as a security measure.

Login
Username:
Password:	Lost Password?
	Remember me