In addition to "void a t informance d o t info", here's a one-liner that requires no constant:
<?php basename($_SERVER['PHP_SELF']) == basename(__FILE__) && die('Thou shall not pass!'); ?>
Placing it at the beginning of a PHP file will prevent direct access to the script.
To redirect to / instead of dying:
<?php
if (basename($_SERVER['PHP_SELF']) == basename(__FILE__)) {
if (ob_get_contents()) ob_clean(); header('Location: /');
die;
}
?>
Doing the same in a one-liner:
<?php basename($_SERVER['PHP_SELF']) == basename(__FILE__) && (!ob_get_contents() || ob_clean()) && header('Location: /') && die; ?>
A note to security: Even though $_SERVER['PHP_SELF'] comes from the user, it's safe to assume its validity, as the "manipulation" takes place _before_ the actual file execution, meaning that the string _must_ have been valid enough to execute the file. Also, basename() is binary safe, so you can safely rely on this function.
