I thought this might help people out.
I usually have a page, say index.php for example, contain all of the login etc.. Then, once it decides what's going on, I include an actual HTML page in the same folder as required, so for example:
index.php (log-in page)
index_form.php (login form)
index_result.php (login result, i.e. successful login)
I'd like to keep a hacker out of these files, though if I've coded right, at best the page will fail. But this little one-liner at the top gives me absolute assurance nobody can call index_result.php by itself:
substr(__FILE__, -(strlen($PHP_SELF)))==$PHP_SELF?exit('Cannot view include file by itself'):'';
NOTE: use $GLOBALS[PHP_SELF] if you have globals off..
Also FILE and LINE are great constants for error checking, anyone know any others or where the list is on php.net?
Happy coding all,
Sam Fullman
