Mason Barge a écrit :
Okay. I generally put a header.inc.php file below the webroot. It
would actually be a major inconvenience not to do so.
To be safe, you can add some checks, I personnaly apply the one used in
phpBB :
DEFINE('IN_MYSITE', true);
in the php pages.
if (!defined('IN_MYSITE')) {
die("Hacking attempt");
}
in the php includes.
This way no .inc.php can be executed, it dies immediately.
I don't really follow your reasoning (not your fault). Is there a
realistic chance of harm?
if your file does some code depending on a context, which context
doesn't exist if you call that file directly, yes. Such code would be
extremely weird to do I think, still some people may code that way.
Regards,
--
Guillaume