Why "if (!defined('BASEPATH')) exit('No direct ...?

[eluser]jtread[/eluser]
Hi All

I'm new to codeIgniter and I'm wondering if there is a way to minimise the

Code:

if (!defined('BASEPATH')) exit('No direct script access allowed');

calls in my code.

It interferes with the simpleTest framework plug-in I use in Eclipse PDT and generally annoys me.

Is it feasible(safe enough) to change it to something like

Code:

if(!TESTING))
{
if (!defined('BASEPATH')) exit('No direct script access allowed');
}

I would imagine that this would work by adding a define() called TESTING to the root
index.php

Example:

Code:

define('TESTING', false);

[eluser]Michael Wales[/eluser]
Yes, your idea would work fine.

That small piece of code is there to ensure people don't try to access your scripts directly - all access should flow through the index.php file.

[eluser]jtread[/eluser]
Thankyou Michael

Is there a rule of thumb for where not to put
[code]if (!defined('BASEPATH')) exit('No direct script access allowed');[code]

Could this code end up as a performance lag issue being at the top of every php page?

I'd like to minimise it's usage

[eluser]GSV Sleeper Service[/eluser]
you could move system and application out of the web root (why they're in the webroot in the first place still puzzles me) and update the paths in your index.php

[eluser]jtread[/eluser]
Good idea GSV

As another option, I'm also thinking about replacing this code with an include statement so i can change the code from one place.

That's of course if I decide to keep it at all after following your idea.

Does anyone else want to second GVS's opinion?

If I decide to keep the code, could it end up giving me performance issues?

If I go with GVS's option will it still be possible somehow to run the scripts directly.
I imagine not.

[eluser]wiredesignz[/eluser]
It's a nice idea to move the application above the web root, but it's not always possible and depends on your hosting company. (I don't think it's possible for hosts using Plesk CP)

.htaccess and mod_rewrite also provide a similar level of security.

[eluser]jtread[/eluser]
Does it make sense to put this in every file that isn't a controller?

[code]if (!defined(’BASEPATH’)) exit(’No direct script access allowed’);[code]

[eluser]Michael Wales[/eluser]

Does it make sense to put this in every file that isn’t a controller?

Yes, if you have your entire CI application in the webroot, and I knew you were running CI I could just enter this URL:
http://www.yoursite.com/system/applicati...s/user.php

Or whatever. It might take a few tries, but I'd get it.

Personally, I place the if BASEPATH code at the top of every PHP file in addition to moving all of my application and system files outside of the webroot. The webroot only hosts index.php and all of my static files (JS, CSS, images).

[eluser]nirbhab[/eluser]
what if i define('BASEPATH') in my local system file, and try to access http://www.yoursite.com/system/applicati...s/user.php, by including this file?

Code:

<?php
define('BASEPATH',true);
include('http://www.yoursite.com/system/application/models/user.php');
?>

What will happen? guys it confuses me a lot, please help me this context.
Would i be able to access, other's resources??

[eluser]Pascal Kriete[/eluser]
That will work. You may not have the needed dependencies, but you'll be able to access the file. CI doesn't really do anything else. The index.php file defines BASEPATH and then includes CodeIgniter.php, which includes a bunch of other stuff. Just imagine include as sort of a copy paste. You grab it from one file, and stick it in the current one.