Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion if (!defined('BASEPATH')) exit('No direct script access allowed');
if (!defined('BASEPATH')) exit('No direct script access allowed');
  • El Forum
    Guest
  •  
#1
10-11-2008, 08:58 PM

[eluser]CIfan1000[/eluser]
I have seen:

if (!defined('BASEPATH')) exit('No direct script access allowed');

at the beginning of sections of code.

Could someone please explain what it is and where it should go?

Thank you!
  • El Forum
    Guest
  •  
#2
10-11-2008, 10:39 PM

[eluser]Scriptor[/eluser]
Somebody could try and directly access one of your code files, rather than going through CI's code. For example, if you have a library called foo.php, somebody might try to access it through: yoursite.com/system/application/libraries/foo.php. As far as I can say this is done to prevent any hassles of code running when it shouldn't. foo.php probably assumes that the rest of the framework has been loaded. If it's run by itself, strange errors could result that would either confuse users or display sensitive information.
Making sure BASEPATH is defined is just a simple way to know that CI has been loaded.

It usually goes at the top of your file, right after the opening PHP tag.
  • El Forum
    Guest
  •  
#3
10-11-2008, 11:03 PM

[eluser]ray73864[/eluser]
or if you wanted to, you could set up a .htaccess rule that essentially blocks out the /system/ folder and all subdirectories if the request isn't coming from a specific place (such as your domain name, etc...)
  • El Forum
    Guest
  •  
#4
10-12-2008, 07:42 AM

[eluser]CIfan1000[/eluser]
Thank you guys for your quick and helpful responses!
  • El Forum
    Guest
  •  
#5
10-12-2008, 08:29 PM

[eluser]t'mo[/eluser]
Alternatively, you could (some would say *should*) configure your CI deployment so that only index.php is in the webroot, and everything else is up and out.

Code:
1) /home/yourid/public_html
2) /home/yourid/public_html/index.php
3) /home/yourid/codeigniter

1. webroot
2. the only "page" people hitting your site see; in here you configure your $system_folder and $application_folder variables to refer to '/home/yourid/codeigniter'
3. where your application code resides

You don't even have to do the usual "codeigniter/system/application" thing; you could also add another directory so multiple applications could share the same copy of the codeigniter libraries:

Code:
4) /home/yourid/first_application
   /home/yourid/second_application
   ...
  • El Forum
    Guest
  •  
#6
10-13-2008, 12:06 PM

[eluser]dpgtfc[/eluser]
[quote author="t’mo" date="1223882983"]Alternatively, you could (some would say *should*) configure your CI deployment so that only index.php is in the webroot, and everything else is up and out.
[/quote]

I do this always, even before I was into CodeIgniter. Only index.php and a css and javascript directory.

If I have a lot of scripts that are called via Ajax, I create a php file for that (pre-CI) that just does a switch, and includes the file if the case is met.




Theme © iAndrew 2016 - Forum software by © MyBB