EllisLab text mark
Advanced Search
     
Why “if (!defined(‘BASEPATH’)) exit(‘No direct ...?
Posted: 12 May 2008 03:35 AM
Joined: 2008-03-28
4 posts

Hi All

I’m new to codeIgniter and I’m wondering if there is a way to minimise the

if (!defined('BASEPATH')) exit('No direct script access allowed'); 

calls in my code.

It interferes with the simpleTest framework plug-in I use in Eclipse PDT and generally annoys me.

Is it feasible(safe enough) to change it to something like

if(!TESTING))
{
if (!defined('BASEPATH')) exit('No direct script access allowed');

I would imagine that this would work by adding a define() called TESTING to the root
index.php

Example:

define('TESTING'false); 
 
Posted: 12 May 2008 04:07 AM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2007-07-30
2144 posts

Yes, your idea would work fine.

That small piece of code is there to ensure people don’t try to access your scripts directly - all access should flow through the index.php file.

 Signature 

Follow me on twitter here.
MichaelWales.com | MichaelWales.info

 
Posted: 12 May 2008 04:34 AM   [ # 2 ]   [ Rating: 0 ]
Joined: 2008-03-28
4 posts

Thankyou Michael

Is there a rule of thumb for where not to put
if (!defined(‘BASEPATH’)) exit(‘No direct script access allowed’);

Could this code end up as a performance lag issue being at the top of every php page?

I’d like to minimise it’s usage

 
Posted: 12 May 2008 04:53 AM   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2008-03-13
515 posts

you could move system and application out of the web root (why they’re in the webroot in the first place still puzzles me) and update the paths in your index.php

 Signature 

:wq

 
Posted: 12 May 2008 11:17 AM   [ # 4 ]   [ Rating: 0 ]
Joined: 2008-03-28
4 posts

Good idea GSV

As another option, I’m also thinking about replacing this code with an include statement so i can change the code from one place.

That’s of course if I decide to keep it at all after following your idea.

Does anyone else want to second GVS’s opinion?

If I decide to keep the code, could it end up giving me performance issues?

If I go with GVS’s option will it still be possible somehow to run the scripts directly.
I imagine not.

 
Posted: 12 May 2008 11:26 AM   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2007-06-10
2937 posts

It’s a nice idea to move the application above the web root, but it’s not always possible and depends on your hosting company. (I don’t think it’s possible for hosts using Plesk CP)

.htaccess and mod_rewrite also provide a similar level of security.

 Signature 

URI Language Identifier | Modular Extensions - HMVC | View Object | Widget plugin | Access Control library

 
Posted: 12 May 2008 09:26 PM   [ # 6 ]   [ Rating: 0 ]
Joined: 2008-03-28
4 posts

Does it make sense to put this in every file that isn’t a controller?

if (!defined(’BASEPATH’)) exit(’No direct script access allowed’);

 
Posted: 13 May 2008 02:50 AM   [ # 7 ]   [ Rating: 0 ]
Avatar
Joined: 2007-07-30
2144 posts

Does it make sense to put this in every file that isn’t a controller?

Yes, if you have your entire CI application in the webroot, and I knew you were running CI I could just enter this URL:
http://www.yoursite.com/system/application/models/user.php

Or whatever. It might take a few tries, but I’d get it.

Personally, I place the if BASEPATH code at the top of every PHP file in addition to moving all of my application and system files outside of the webroot. The webroot only hosts index.php and all of my static files (JS, CSS, images).

 Signature 

Follow me on twitter here.
MichaelWales.com | MichaelWales.info

 
Posted: 13 May 2008 11:58 AM   [ # 8 ]   [ Rating: 0 ]
Avatar
Joined: 2007-10-11
166 posts

what if i define(‘BASEPATH’) in my local system file, and try to access http://www.yoursite.com/system/application/models/user.php, by including this file?

<?php
define
('BASEPATH',true);
include(
'http://www.yoursite.com/system/application/models/user.php');
?> 

What will happen? guys it confuses me a lot, please help me this context.
Would i be able to access, other’s resources??

 Signature 

http://www.nirbhab.com/  |  Follow Me On Twitter

 
Posted: 13 May 2008 02:13 PM   [ # 9 ]   [ Rating: 0 ]
Avatar
Joined: 2008-01-07
2509 posts

That will work.  You may not have the needed dependencies, but you’ll be able to access the file.  CI doesn’t really do anything else.  The index.php file defines BASEPATH and then includes CodeIgniter.php, which includes a bunch of other stuff.  Just imagine include as sort of a copy paste.  You grab it from one file, and stick it in the current one.

 Signature