i think in fairness - if you didn't use asp style short tags - you can prevent the file being indexed and shown.
for security I would not define my functions inside the config.inc file - simply define the site constants and globals. everything else should be encapsulated in classes
i.e
PHP Code:
<?php
/*
* set system constants according to what type of mail server auth you're using.
* define mail_auth if your mail server requires it (and not running locally)
* do not need to define user and pass if not using auth.
*
* define('MAIL_HOST', $mail_srvr);
* define('MAIL_AUTH', false);
*
*/
define('MAIL_HOST', $mail_srvr);
define('MAIL_AUTH', true);
define('MAIL_USER', $mail_user);
define('MAIL_PASS', $mail_passwd);
?>
this way I can reference these variables from a secured config file - but this provides the globals that I need - where I only need to modify my stored paths - the secured information is held elsewhere.
PHP Code:
$path = '../' . $physical_path;
$wpath = 'http://' . $_SERVER["SERVER_NAME"] . '/' . $physical_path;
/**
* Smarty template directories
*/
define('TEMPLATE_DIR', $path . 'templates/');
define('COMPILE_DIR', TEMPLATE_DIR . 'templates_c/');
define('CONFIG_DIR', TEMPLATE_DIR . 'configs/');
define('CACHE_DIR', TEMPLATE_DIR . 'cache/');
/**
* Site directories
*/
define('IMAGE_DIR', $wpath . 'images/');
define('CSS_DIR', $wpath . 'css/');
define('ROOT_DIR', $wpath);
define('INCLUDES_DIR', $path . 'includes/');
/**
* Site pages
*/
define('INDEX_PAGE', ROOT_DIR . 'index.php');
define('HELP_PAGE', ROOT_DIR . 'help.php');
/*define('HELP_PAGE', USER_DIR . 'help.php');*/