====== Modules and security ======

**When developing a module, you should always keep security in mind. This guide explains some basic things you should know when developing a module for pluck.**

===== Direct file access =====

Please make sure the files in your //pages_admin// and //pages_site// directories are not directly accessible. If you don't block direct access, anyone can execute the code, even admin code, without having to log in.

You could, for example, use this code to block direct access (put it at the very top of your PHP file, just below the PHP opening tag):

<code php>
//Make sure the file isn't accessed directly:
//the running script must be one of the files listed here
if (!in_array(basename($_SERVER['SCRIPT_FILENAME']), array('index.php', 'admin.php', 'install.php', 'login.php'), true)) {
    //Give out an "access denied" error
    echo 'access denied';
    //Block all other code
    exit();
}
</code>
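To check a module before release, the following added audit script (not part of pluck or of the original guide) lists the PHP files under //pages_admin// and //pages_site// whose first lines contain no direct-access guard. The 15-line window, the regex heuristic, the sample guard and the module name ''examplemodule'' are assumptions made for this example.

```python
import re
import tempfile
from itertools import islice
from pathlib import Path

GUARDED_DIRS = ("pages_admin", "pages_site")  # the two directories the guide names
HEAD_LINES = 15  # assumption: "the very top" means within the first 15 lines
# Heuristic: a guard reads SCRIPT_FILENAME and then stops with exit()/die().
GUARD_RE = re.compile(r"SCRIPT_FILENAME.*?\b(?:exit|die)\b", re.S)
# Constructed sample guard, used only to build the demo files below.
SAMPLE_GUARD = (
    "<?php\nif (!in_array(basename($_SERVER['SCRIPT_FILENAME']), array('index.php'))) {\n"
    "    echo 'access denied';\n    exit();\n}\n"
)


def find_unguarded(module_dir):
    """Return relative paths of PHP files whose first lines lack the guard."""
    root = Path(module_dir)
    missing = []
    for sub in GUARDED_DIRS:
        if not (root / sub).is_dir():
            continue
        for php in (root / sub).rglob("*.php"):
            with php.open(encoding="utf-8", errors="replace") as fh:
                head = "".join(islice(fh, HEAD_LINES))
            if not GUARD_RE.search(head):
                missing.append(php.relative_to(root).as_posix())
    return sorted(missing)


def demo():
    """Audit a constructed tree; late.php has its guard below 20 lines of code."""
    with tempfile.TemporaryDirectory() as tmp:
        mod = Path(tmp) / "examplemodule"  # hypothetical module name
        files = {
            "pages_admin/settings.php": SAMPLE_GUARD + "echo 'settings form';\n",
            "pages_admin/delete.php": "<?php\necho 'delete item';\n",  # no guard
            "pages_site/view.php": SAMPLE_GUARD + "echo 'public view';\n",
            "pages_site/late.php": "<?php\n" + "echo 'work';\n" * 20 + SAMPLE_GUARD[6:],
        }
        for rel, body in files.items():
            (mod / rel).parent.mkdir(parents=True, exist_ok=True)
            (mod / rel).write_text(body, encoding="utf-8")
        return find_unguarded(mod)


if __name__ == "__main__":
    print(demo())
```

A file with a guard placed after other code is reported as well, because everything above the guard still runs when the file is requested directly.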