I have a doubt, that maybe its simple solution, I'm working on an application, using PHP as backend and ExtJS as frontend.
Following the MVC architecture.
Well .. I use apache as web server, all my development in a pc with debian 8, I have the mod_rewrite apache module activated and here is my .htaccess file
RewriteEngine On
RewriteCond% {REQUEST_FILENAME}! -d
RewriteCond% {REQUEST_FILENAME}! -f
RewriteCond% {REQUEST_FILENAME}! -l
RewriteRule ^ (. *) $ Index.php [QSA, L]
# Prevent file browsing
Options -Indexes
I make everything happen first by index.php that would be my front controller ..
Index.php content
define('ENVIRONMENT', isset($_SERVER['APP_ENV']) ? $_SERVER['APP_ENV'] : 'development');
/**
* --------------------------------------------------------------------------------
* ERROR REPORTING
* --------------------------------------------------------------------------------
*/
switch (ENVIRONMENT) {
case 'development':
error_reporting(-1);
ini_set('display_errors', 1);
break;
case 'production':
ini_set('display_errors', 0);
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_NOTICE & ~E_USER_DEPRECATED);
break;
default:
die(header('HTTP/1.1 503 Service Unavailable.', true, 503));
}
/**
* --------------------------------------------------------------------------------
* AUTOLOAD REGISTER
* --------------------------------------------------------------------------------
*/
if (is_readable('includes/autoload.php')) {
require_once 'includes/autoload.php';
new Autoload();
}
/**
* --------------------------------------------------------------------------------
* APPLICATION DISPATCHER
* --------------------------------------------------------------------------------
*/
if (is_readable('system/App.php')) {
require_once 'system/App.php';
new App();
}
Autoload.php content
defined('ENVIRONMENT') or exit('Sorry!. No direct script access allowed.');
class Autoload
{
private $_extensions = array(
0 => '.inc',
1 => '.php',
2 => '.lib.php',
3 => '.class.php',
);
public function __construct()
{
define('DS', DIRECTORY_SEPARATOR);
define('PS', PATH_SEPARATOR);
define('FCFILE', basename($_SERVER['PHP_SELF']));
define('BASE_PATH', realpath(dirname(__DIR__)) . DS);
define('SYSTEM_PATH', 'system');
define('INCLUDES_PATH', 'includes');
define('CONTROLLERS_PATH', 'controllers');
define('VIEWS_PATH', 'views');
self::includePaths();
spl_autoload_extensions(implode(',', $this->_extensions));
spl_autoload_register(array(__CLASS__, 'includeFile'));
self::sessionStarter();
}
public function __destruct()
{
}
private static function includePaths()
{
set_include_path(implode(PS, array(
realpath(SYSTEM_PATH),
realpath(INCLUDES_PATH),
realpath(CONTROLLERS_PATH),
realpath(VIEWS_PATH),
get_include_path(),
)));
}
private static function includeFile($file)
{
if (!empty($file)) {
spl_autoload($file);
}
}
private static function sessionStarter()
{
if (!isset($_SESSION)) {
session_name('AURORA_SESSION');
session_start();
}
}
}
Well..after follow .. and create my router .. others and others..i want .. when i type in the address bar ...
Http: // localhost / clients / read
If I do it directly .. give me an error .. like CodeIgniter does for example ..
Defined ('ENVIRONMENT') or exit ('Sorry! No direct script access allowed.');
Osea .. what I'm looking for .. is if the request is not made from a page inside the views folder, then it returns an error .. to avoid .. that they execute scripts directly ..
Thank you very much in advance .. and in anticipation of your help ..
You are doing it wrong.
The reason why CodeIgniter has that stupid line is simple - they keep all code in the webserver's document root. And that magical line helps then to check, if the file was included was not executed directly. That's a terrible idea.
Instead, lets assume you have the following directory structure:
/project
/docs
/src
/application
/config
/public
/tests
In this case, the DOCUMENT_ROOT for your website should be /project/src/public and that directory should contain only CSS/JS/images and one PHP file: something like index.php, which would contain:
<?php
require __DIR__ . '/../application/bootstrap.php';
This way, if mod_php fails, your visitors wont be able to read all your source code (yes, it can happen).