Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

No direct script access when using include

Tags:

include

php

I have a PHP powered CMS website. I'd like to include database.php in a PHP script. database.php is in the config folder and has the db connections details (pass, db_name etc).

Here is the script:

<?php 
  echo __DIR__ ."<br /><br />"; 
  //make sure your assumptions on directories and path are correct for the 
  //include below

  include '../application/config/database.php';

?>

Running the script, I get this message:

/Applications/XAMPP/xamppfiles/htdocs/tslocal/textbook_scripts

No direct script access.

On the first line of database.php is this line:

<?php defined('SYSPATH') or die('No direct script access.');

I'm guessing that the CMS has somehow "protected" the config file which is preventing me from including it. What is "No direct script access"? Google gives me lots of examples of people seeking to add this functionality. I wish to remove it. Possible? Likely? How do I tell PHP to let me access database.php?

like image 735
Doug Fir Avatar asked Aug 22 '13 15:08

Doug Fir

2 Answers

The basic way for going about this is somewhere in the application (prior to the loading of database.php) there is a line something along the lines of:

define( 'APPLICATION_LOADED', true );

In the database.php there is a check being performed against this, similar to:

if( !defined('APPLICATION_LOADED') || !APPLICATION_LOADED ) {
    die( 'No direct script access.' );
}

Look in database.php and whatever files it includes to determine how it is checking to see if the script is being directly accessed or not. Then you can mimic the conditions necessary if you would like to include that file in your script.

like image 112
Jeff Lambert Avatar answered Nov 01 '22 04:11

Jeff Lambert

I got this PHP error from Codeigniter's Email.php class called CI_Email:

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class CI_Email {
   var $smtp_default_from = '';
   var $smtp_default_name = '';
   var $useragent = "CodeIgniter";
   var $mailpath  = "/usr/sbin/sendmail";

   //more code omitted

}

What I did was try to include this class directly like this:

<?php
    include("Email.php");
?>

And when I run it, it says: 

No direct script access.

The PHP method "defined" checks whether the given constant exists and is defined.

So for my particular class it says that BASEPATH must be defined. So if you define it like this:

<?php
  define('BASEPATH', "foobar");
  include("Email.php");
?>

Then the error is no longer thrown. But then we have to wonder why the developers put in this particular restriction and what will happen if we bypass it.

like image 5
Eric Leschinski Avatar answered Nov 01 '22 02:11

Eric Leschinski
Sign in to Comment

Related questions

Symfony2: Edit user without having password
How to know if imagick throws an error - PHP
How can I rearrange array items moving dependencies on top?
API Youtube, how to get like and dislikes
Why is this mongo sort not working in PHP?
PHP get file path of an image?
effective solution: base32 encoding in php
How do I return data via Ajax using Plupload on Upload Complete?
PHP Warning: mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement
cURL get url from redirect
How to save an Imagick object (php)
Sonata Media Bundle - How to write a custom image resizer
What's the best way to validate numbers with comma as decimal separator?
Paypal IPN Sandbox - IPN Listener - no verified or invalid
Useful IMAP header information not showing up
Insert new rows into Google Spreadsheet via cURL/PHP - HOW?
How to catch DB errors in CodeIgniter PHP
Compare SimpleXml Object
PHP Ternary Operator checking if variable contains something?
Move JS code from HTML to source in HEAD section

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!