StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to know if php script is called via require_once()?
text
Body
copied!<p>My webapp has a buch of modules. Each module has a 'main' php script which loads submodules based on a query sent to the main module:</p> <pre><code>//file: clientes.php //check for valid user... //import CSS and JS... switch( $_GET["action"] ) { case "lista" : require_once("clientes.lista.php"); break; case "listaDeudores" : require_once("clientes.listaDeudores.php"); break; case "nuevo" : require_once("clientes.nuevo.php"); break; case "detalles" : require_once("clientes.detalles.php"); break; case "editar" : require_once("clientes.editar.php"); break; default : echo "<h1>Error</h1><p>El sitio ha encontrado un error.</p>"; } </code></pre> <p>This main module deals with security and imports many resources all submodules need. The big problem shows up when a user asks for any of the submodules, bypassing all the security measures on the main module! My idea was to add a line on every submodule to test if it was being called directly and deny access or if its been called via another script, and continue. The least thing I would like to do is redo the security checking on every single file, since it does a bunch of query's to the database.</p> <p>Does a php script know if its been called via a <code>require_once()</code> or a direct call ? I've been trying to implement some sort of <code>$_SERVER['REQUEST_URI']</code> and <code>$_SERVER['PHP_SELF']</code> pitfall but I was wondering if there was some sort of an elegant way of doing this.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload