secure php-included file in php code

Question

what is the best method?

I use this way...

index.php

<?php

$secure = true;

include_once("file.php");

?>

I do not want opens file.php directly. so in first line I wrote this code: file.php

<?php
// first line I wrote this code:
if(!isset($secure)) exit('No Access');if(!$secure) exit('No Access');
... some code ...
?>

Do you think my method is true?

Answer 1

It's a commonly used method in many cms and frameworks. Usually by defining a constant instead of setting a variable, but the idea is the same.

E.g., in Wordpress:

defined('ABSPATH') or die("Cannot access pages directly."); 

Still, if you have full control of your setup (e.g., not installing a third party CMS or framework), putting your files where the webserver can't access them is usually better.