see view directory pages!
[eluser]WebbHelp[/eluser]
Hi! I just saw that I could go to an address like this: http://www.site.com/system/application/views/file.php and it was opened in the web browser. If this were an admin page, this would be a security hole. I mean: in the admin controller files, I check in the constructor whether a session $_SESSION['admin'] exists, and if it does not, redirect to another page. But do I need to do it in my controller AND in the view files? It feels... strange... if I need to check whether the visitor is an admin or not in both the controllers and the view pages. Thanks //WebbHelp
[eluser]frist44[/eluser]
Could you incorporate an .htaccess file in the views directory to control access?
[eluser]WebbHelp[/eluser]
Yes, I can. I actually thought they had denied users from visiting view files, because the user should only see index.php. But how with .htaccess? Thanks //WebbHelp
[eluser]frist44[/eluser]
http://httpd.apache.org/docs/1.3/howto/htaccess.html
[eluser]CtheB[/eluser]
Hi, the easiest way is to enter this line AT THE BEGINNING of your view file (this line should be entered at the beginning of ALL of your files): <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); ?>
[eluser]WebbHelp[/eluser]
Frist: thanks, I will check that out. But what does that line do? Thanks
[eluser]CtheB[/eluser]
That line makes sure the files are only accessed by the application and not directly in the browser.
[eluser]cahva[/eluser]
[quote author="CtheB" date="1260420835"]Hi, the easiest way is to enter this line AT THE BEGINNING of your view file (this line should be entered at the beginning of ALL of your files): <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); ?>[/quote]
I don't agree, sorry. If he has, for example, 20+ view files inside the views directory, it would be easier to create one .htaccess file in that directory with the content:
Code: deny from all
But of course the best way would be to move the application and system directories outside of the webroot, as suggested in the user manual.
[eluser]CtheB[/eluser]
Hehe, of course the best way is to move the application and system outside webroot, and of course the first best solution is to use .htaccess, but if you try to help a newcoming guy with a lot of beginner's questions, you want to give him the easiest answers which work for him; that's why I came with the easiest solution after all.
[eluser]WebbHelp[/eluser]
Thank you all for the replies. I want to learn the best way, but also the easiest way; it is good to know them both. How do you mean, if I put the CodeIgniter system/application out of the root, how can I reach them as a user then? I also saw a tutorial; he put the application folder outside the system folder. Shouldn't that be a problem with the paths to the class? So how should I do it? Thanks //WebbHelp =)
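An audit for the two file-level protections discussed in this thread (CtheB's BASEPATH guard line and cahva's .htaccess containing "deny from all"), added here as an example and not code posted by any participant or shipped with CodeIgniter. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The guard line quoted in the thread, tolerant of spacing and quote style.
GUARD = re.compile(r"""if\s*\(\s*!\s*defined\(\s*['"]BASEPATH['"]\s*\)\s*\)\s*exit""")
DENY = re.compile(r"^\s*deny\s+from\s+all\s*$", re.I | re.M)


def denied_by_htaccess(directory: Path, root: Path) -> bool:
    """True if directory, or an ancestor up to root, has .htaccess with 'deny from all'."""
    for d in (directory, *directory.parents):
        ht = d / ".htaccess"
        if ht.is_file() and DENY.search(ht.read_text(errors="replace")):
            return True
        if d == root:
            break
    return False


def audit(root: Path) -> list:
    """Relative paths of PHP files under root that have neither protection."""
    exposed = []
    for php in root.rglob("*.php"):
        head = php.read_text(errors="replace")[:512]  # guard belongs at the top
        if not GUARD.search(head) and not denied_by_htaccess(php.parent, root):
            exposed.append(php.relative_to(root).as_posix())
    return sorted(exposed)


def build_sample(root: Path) -> None:
    """Constructed sample tree (not from the thread) covering the three cases."""
    guard = "<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); ?>\n"
    files = {
        "views/admin.php": "<h1>Admin</h1>\n",             # no protection
        "views/guarded.php": guard + "<h1>OK</h1>\n",      # BASEPATH guard
        "views/private/.htaccess": "deny from all\n",
        "views/private/report.php": "<h1>Report</h1>\n",   # .htaccess in same dir
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(audit(Path(tmp)))
```

The script only inspects files on disk; whether Apache honours .htaccess depends on the server's AllowOverride setting, so confirm by requesting a view URL and expecting a 403 response.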