Php: Check If a File Is Loaded Directly Instead of Including

PHP: Check if a file is loaded directly instead of including?

If you use

define('APP_RAN'); 

in the file that includes it and then put

if(!defined('APP_RAN')){ die(); }

or alternatively

defined('APP_RAN') or die();

(which is easier to read)

in included files it would die if you access them directly.

---

It would probably be better to put all of your included files above your DocumentRoot though.

For example, if your index page is at

/my/server/domain/public_html

You should put the included files in

/my/server/domain/

Check if a file was included or loaded

Quoted from: How to know if php script is called via require_once()?

I was looking for a way to determine if a file have been included or called directly, all from within the file. At some point in my quest I passed through this thread. Checking various other threads on this and other sites and pages from the PHP manual I got enlightened and came up with this piece of code:

if (basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"])) {
  echo "called directly";
} else {
  echo "included/required";
}

In essence it compares if the name of the current file (the one that
could be included) is the same as the file that is beeing executed.

Credit: @Interwebs Cowboy

How to detect if a file is being included or directly ran

Make the included scripts not accessible via HTTP at all. E.g. by protecting the subfolder or moving them above the document root.

If you cannot do that, define() something like IS_INCLUDED in your main script and exit; if this constant is not defined() in your included script.

How to find out a php file is included or accessed directly?

if(__FILE__ != $_SERVER['SCRIPT_FILENAME']) {
  // we're in an include
}

PHP script detect that it is an include

You can check for the presence of $argv. If $argv[0] is set (the script name), your script is run from the command line.

Is it possible to detect when php file is included?

You can set a constant in the file to be included like so:

In original.php:

define('ORIGINAL_INCLUDED', TRUE);

Then in first.php you check if the constant exists:

if (defined('ORIGINAL_INCLUDED'))
{
    // do not check if user session exist etc.
}
else
{
    // check for user session
}

Unlike get_included_files() this will work when a script includes a script. get_included_files() will only return the files included in the main script, but not scripts included in child scripts.

Or in original.php:

if ('original.php' == basename(__FILE__))
{
    // original.php directly accessed
}
else
{
    // original.php included instead
}

How can check a php file is successfully included?

Using php's require method is more suitable if you want to be absolutely sure that the file is included. file_exists only checks if the file exists, not if it's actually readable.

require will produce an error if inclusion fails (you can catch the error, see Cerbrus' answer).

Edit:

However, if you don't want the script to halt if the inclusion fails, use the method is_readable along with file_exists, like:

if( file_exists("dbas.php") && is_readable("dbas.php") && include("dbas.php")) {
    /* do stuff */
}

Detect If PHP is not opened by include

Looks like you can try the reverse method of this answer:

PHP CHeck if a File is Loaded Directly Instead of Including

Instead of adding the define('APP_RAN') in the "base" file, add it to the include and add the other snippet to the base file.

How to tell if a file has already been required?

You can also make your own require_file function:

<?php
function require_file($file_path){
    static $required_files=array();
    if(!isset($required_files[$file_path])){
        require $file_path;
        $required_files[$file_path]=true;
        return true;
    }
    return false;
}
?>

---

Related Topics