Member Avatar for Aeonix 
<?php

    if (!defined("include")) {
        header ($_SERVER["SERVER_PROTOCOL"]." 404 Not Found", true, 404);
        die;
    }

I want to include this file, as if it's not included, it should send browser 404 Not Found and end executing script (without true and 404 doesn't work either). While Opera fools itself, Firefox doesn't. It shows just super-empty document (not 404, but also not even standard CSS stylesheet). How do I successfully send "404 Not Found" to ALL browser. How do I do this successfully?

Edited by Aeonix
  • 3 Contributors
  • 6 Replies
  • 342 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by Aeonix
Member Avatar for cereal

Hi,

I don't understand your request: defined() is used only with constants not with statements, are you defining a constant or just trying to include 'somefile.php'; and be sure it's loaded?

Member Avatar for cereal

-sigh-
Why is it so, that when there's an issue, people look all around :D, but not on the issue.

lol, I asked because I do not know how you are implementing that statement and what you really expect to get. What do you mean by true 404? A redirect to the 404 error page defined by the server?

This:

While Opera fools itself, Firefox doesn't. It shows just super-empty document (not 404, but also not even standard CSS stylesheet). How do I successfully send "404 Not Found" to ALL browser.

is not a useful information, to understand your issue.

Look, to me it's easier to move the includes scripts into a separated directory, then use .htaccess to deny direct access to that directory, so it cannot be accessed through the browser.

This solution does not require to modify the scripts, so nothing like the header() 404 statement, if really needed you could force it through .htaccess and send a more appropriate 403 or even 404.

It's even better if you move the includes directory to the parent of the public_html directory, which if correctly set, is not accessible by the browsers, that way you don't even need to use .htaccess file to define what is accessible and what not.

commented: GSOH! +15
Member Avatar for Aeonix

What do you mean by true 404? A redirect to the 404 error page defined by the server?

A true fake 404 error. So that whatever encounters "the query", gets literally told that this file doesn't exist. One that will always trigger (This page doesn't exist) in every browser instead of just some.

Look, to me it's easier to move the includes scripts into a separated directory, then use .htaccess to deny direct access to that directory, so it cannot be accessed through the browser. This solution does not require to modify the scripts, so nothing like the header() 404 statement, if really needed you could force it through .htaccess and send a more appropriate 403 or even 404. It's even better if you move the includes directory to the parent of the public_html directory, which if correctly set, is not accessible by the browsers, that way you don't even need to use .htaccess file to define what is accessible and what not.

Well there's a problem, every time I use .htaccess, I mess up something. It's not a safe tool for me. I explode everything. It's like Trump and Clinton combined, it hurts, is a huge error and probably will end up deleting the world. And now for serious. I barely use .htaccess, last time I tried that (just by copy-pasting snippets) it went all wrong (thousands of redirects until browser gives up) and bad news alround. On top of it .htaccess doesn't appear in listed files unless you're root. The only way to edit it is through editor, which can't delete the file in case it goes wrong because of missing plugin. Like I said. I don't touch it, last time it hurt, so I dodge it like fire.

P.S.: This is a nice wall... (ba dum tsk)... of text.

Edited by Aeonix
Member Avatar for diafol

I'm with cereal on this one - .htaccess is the method to stop phaffing with your code. However, the technique you're looking for (I assume, is...)

In your main page, you define a constant, then in your include files, you check to see if the constant has been defined - if not, it appears that the user is trying to access your include file directly, so you throw them to a page of your choice, else, everything is fine and the code in the include executes.

Main file, e.g. index.php:

define("CONSEC", 1);
require "inc/bugger.php";
//rest of code

At the top of the file in bugger.php:

if(!defined("CONSEC")){
    //do your "you are pissing me off message or a redirect"
    exit;
}

You'll want defence in depth if this is a live site - have a look at sites such as OWASP if you're interested. htaccess, having blank index.php files in directories, etc.

Member Avatar for Aeonix

Apparently .htaccess ain't mess that it looks like. Just create .htaccess file, and put in it Deny from all, from now on every request going to any file in the folder and every sub-folder is denied with 403 Forbidden, which is good enough.

In your main page, you define a constant, then in your include files, you check to see if the constant has been defined - if not, it appears that the user is trying to access your include file directly, so you throw them to a page of your choice, else, everything is fine and the code in the include executes.

Yea, I already got that, you explain just what I had.

Edited by Aeonix
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.