I was recently browsing some PHP source code, particularly that of forum software like phpBB and esoTalk.
I noticed one thing: most of them used a global variable at the start of their page as some sort of security, like so:
if (!defined("IN_ESOTALK")) exit; //For esotalk
if (!defined("IN_PHPBB")) exit; //FOR phpbb
What sort of security is this? I don’t understand.
Could you explain to me what this prevents and how?
Thanks,
Vidhu
It works by making sure the PHP script doesn’t run unless the framework has started up. This way the user can’t execute a script without going through the proper page.
Here’s an example. We have 2 files:
index.php
and script.php
If you run script.php directly, nothing will happen because _MY_FRAMEWORK has not been defined. It will exit.
However, if you run index.php, which includes script.php, the script will continue because you did define _MY_FRAMEWORK first. You will get the full output: started followed by my script.
@Gumbo makes a good point: If you haven’t seen define before, it defines a constant that cannot be changed. The user contributions to the PHP documentation can be helpful to understand how it works.
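The two-file setup the answer describes, as an added example (not the answerer's code): it writes a constructed index.php and script.php to a temporary directory and runs each in its own PHP CLI process, standing in for a direct request to each file. The file contents and the run_entry helper are assumptions; only the constant name _MY_FRAMEWORK and the "started" / "my script" output come from the answer.

```php
<?php
// Added illustration: builds the two files in a temp directory and runs each
// as its own PHP process, the way a web server runs whichever file the URL
// names. All file contents below are constructed for this example.
$dir = sys_get_temp_dir() . '/guard_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// script.php: an include file that refuses to run unless the entry point
// defined the constant before including it.
file_put_contents("$dir/script.php", <<<'PHP'
<?php
if (!defined('_MY_FRAMEWORK')) exit;
echo "my script\n";
PHP);

// index.php: the intended entry point; defines the constant, then includes.
file_put_contents("$dir/index.php", <<<'PHP'
<?php
define('_MY_FRAMEWORK', true);
echo "started\n";
require __DIR__ . '/script.php';
PHP);

// Hypothetical helper: run a file in a fresh interpreter, return its output.
function run_entry(string $path): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($path);
    return (string) shell_exec($cmd);
}

$direct  = run_entry("$dir/script.php"); // include file requested directly
$through = run_entry("$dir/index.php");  // request through the entry point

echo "direct run of script.php:\n";
var_dump($direct);
echo "run through index.php:\n";
var_dump($through);

// Remove the constructed files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Run it with the PHP CLI (7.3 or later, for the closing-marker syntax used in the nowdoc strings); it assumes shell_exec is not disabled.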