There is a PHP file with a class and a function inside the class that connects to the file with the main class:

if(defined('VERSION')) define('version', VERSION); defined('version') OR die('Direct access is forbidden!'); class addClass extends mainClass { private function some_method() { return 'Result'; } }

And there is an Ajax request in pure Javascript:

 var request = new XMLHttpRequest(); var params = "filter=true"; request.open('POST', '/addclass.php', true); request.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); request.onload = function(data) { console.log(this.responseText); } request.send(params);

Question : How can I get the answer of the function some_method() ?

If you insert

 if($_REQUEST['filter'] == true) { echo addClass::some_method(); }

at the very beginning of the addclass.php file , even before the class addClass {} (it does not matter before if(defined('VERSION')) or after), then I get an error in the console

POST http://mydomain.com/addclass.php 500 (Internal Server Error)

And if I insert these lines after class addClass {} then as an Ajax-answer I get only

Direct access is forbidden!

  • if(defined('VERSION')) - do you use some kind of framework? If you want to bypass it, throw away the if and place your code after class declaration - splash58
  • This is not a framework, it is an easy way to protect the addclass.php file from direct access. At the same time, define('version', '1.0'); - stckvrw
  • You get 500 because you call the class method before it is declared. And the second error says that the main file was not executed before addclass.php. - splash58
  • and the method some_method is private, it cannot be called directly, nor is it static to call it after two colons. - Jean-Claude
  • @stckvrw what is the protection against direct access? What do you mean by this "direct access"? This is not a defense, it is a crutch some useless in principle. - teran

0