0

what is the

defined('ABSPATH') or die();

for a non-wordpress SQL.

I've done some research and googling, but can't seem to find an answer. I've developed WordPress plugins in the past, and know this line of code is important for security.

Now I'm making a website outside of WordPress, and have some files I don't want users to directly access, because those files open the connection to the SQL database, without closing it(closing is done on the page that calls it). but if I put defined('ABSPATH') or die(); on the page, it keeps the user from accessing the home page that has 

include 'dbconnect.php';

what would I need to have "defined()" to keep users from accessing the file directly, but still be able to include it in another file? thanks.

also, I'm using "mysqli" for the SQL, and editing the files in Cpanel.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
SwiftNinjaPro
  • 787
  • 8
  • 17
  • 3
    WordPress is fairly outdated in this approach. Pick a modern framework like Laravel, which puts all of its code outside of the web root, and there's absolutely no need for this. – ceejayoz Mar 04 '19 at 21:24
  • *”what would I need to have "defined()"”* - uhm, `ABSPATH`‽ Also, all database connections are closed anyway at the end of the script. – deceze Mar 04 '19 at 21:27
  • I said "non-wordpress" meaning I'm not using wordpress. I'm trying to find the version of ABSPATH that I can use outside of wordpress, I mostly just put the line of code in my plugins and know what they do, I don't actually know what ABSPATH originally came from – SwiftNinjaPro Mar 04 '19 at 21:27
  • 1
    `ABSPATH` is a constant defined early in the Wordpress life cycle, so the simple assumption is that if that constant is not defined, the file is being used outside the Wordpress life cycle and hence should `die`. – deceze Mar 04 '19 at 21:30
  • how would I detect something like that without using wordpress? – SwiftNinjaPro Mar 04 '19 at 21:31
  • 1
    Use the same principle‽ Define a constant in some configuration file you always assume to have been included first, and check for that. But as ceejayoz says, this is pretty stupid practice to begin with. Just don’t put your non-public files in a public webroot, period. – deceze Mar 04 '19 at 21:33

1 Answers1

0

This seems to work, just needed to learn a bit more about how wordpress ABSPATH works, and was able to word my search better :D

site1 site2

in the page calling the file, I have: 

define('SITE_PATH', true);

and in the file I have: 

if(!defined('SITE_PATH')){
  echo '<script>window.location.replace("/404");</script>';
  die('404 Page Not Found');
}
SwiftNinjaPro
  • 787
  • 8
  • 17