Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts

    need help making include section more secure

    hey guys

    i use this

    Code:

    PHP Code:
    <?php 
    if (isset($_GET['section'])) {
      
    $section $_GET['section'];
    } else {
      
    $section 'main';
    }
    $file "include/".$section.".php";
    if (
    file_exists($file)) {
        require(
    $file);

     
    ?>

    but i dnt seem to think its secure lol

  • #2
    New Coder
    Join Date
    Aug 2005
    Location
    Groningen, Netherlands
    Posts
    57
    Thanks
    0
    Thanked 6 Times in 6 Posts
    Try this:

    Add the following to your files:
    Code:
    <?php 
    if (isset($_GET['section'])) {
      $section = $_GET['section'];
    } else {
      $section = 'main';
    }
    $file = "include/".$section.".php";
    
    // now, add this:
    define('IN_MY_CUSTOM_CMS',true);
    
    if (file_exists($file)) {
        require($file);
    } 
     ?>
    .. and in the file you want to include:
    Code:
    <?php
    if(!defined('IN_MY_CUSTOM_CMS')){
     echo 'hack attempt';
     exit(0);
    }
    ?>


    You could also create an array with allowed files and check if your filename is in that.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •