I'm wondering if there is any good way to prevent direct access to html files in Fat Free Framework...
So the intended way would be to call a route like /login. However, with the default configuration, users could also access /ui/login.html and get the html file directly, eventually displaying {{#variable}} content, which users shouldn't see...
Unfortunately, I didn't find a way to prevent this so far, neither with PHP methods directly, or into Fat Free Framework.. How could this be done?
This could be done with some .htaccess magic where any access to your .htm[l] files are sent a 404, but the proper way to do this is to actually get them out of your public directory. Like you just pointed out, it's a security risk to have those unrendered files there. Usually an app is setup like the following:
app/
config/
controllers/
ui/
mappers/
etc...
public/
index.php (where your fat free index file is that defines your autoloads, config, etc)
vendor/
(composer stuff)
If I were in your shoes, I would move your /ui/ files to a folder outside the public folder and then just change the UI hive variable to point to something like __DIR__.'/../app/ui/' instead which ultimately would solve your problem.
Also, I hope your config file isn't in the public folder! That shouldn't there either (or committed in your code repository!)
Related
I'm working on my first, rather big project in php. I decided to build everything from scratch, without any framework.
First I had the following structure:
index.php
includes/ //all php pages, except index.
includes/scripts/ //all php classes that do not print web pages.
styles/ //all my css files.
images/ //all images used on the website.
But this was giving me trouble when including files from within the various folders.
I have now changed it to:
index.php
the rest of my .php files
styles/
images/
All my includes are working properly now, without having to jump between folders. But I feel like I have lost overview on my project.
At the moment I'm a bit lost on how to do things. What is, by the book, the proper way to group my folders and to include my files?
EDIT: I would also like to see some tips on actually including the files. What are some techniques to include a file, no matter where include() is called? A specific example, according to my first structure.
There was a script in includes/scripts, login.php. login.php then included page.php (a simple page template) from includes/. page.php would include several parts of the template (header.php, footer.php). But I also had to call page.php from the files in include/.
This was giving me trouble, because the relative path would be different if page.php was called from includes/ or from includes/scripts/
Your problem was probably caused by relative paths.
This can be solved by using absolute paths eg.:
require_once("/var/www/clients/client05/web29/web/includes/scripts/myClass.php");
To make it easier you can also define constants in index.php (or any other file that will get included every time)
define("WEB_ROOT", "/var/www/clients/client05/web29/web/");
define("INCLUDES_DIR", WEB_ROOT . "includes/");
define("SCRIPTS_DIR", INCLUDES_DIR . "scripts/");
Files can then be easly included
require_once(SCRIPTS_DIR . "myClass.php");
require_once(INCLUDES_DIR . "acp.php");
A just straight forward suggestion:
index.php
app/
styles/
images/
All PHP code goes into app/ and can be further organized like you see fit, for example one directory for your templates, one to store third-party code and then your own library that you build for your application.
You should be able to move the app folder then anytime to any other location on disk, especially out of the document root.
This is most easily done with a so called front controller that is routing all request that are incomming to the application to the relevant code (technically this allows you to even have multiple applications side-by-side).
In the layout above, index.php plays that role. It's the entry-point to your application.
You should not think about mere files, but about strategies about how to interact with resources.
As PHP has nice object oriented support now, you may take advantage of namespaces, and organize your classes in folders, the way you like.
If you don't want to use a framework [thing I strongly advise you to do however, as it will make your app secure and more maintainable], you will find this article enlightening about how to organize your structure.
You can pick up some components like the symfony autoloader to load classes as you wish, then handle all the other resources [css, js, images] simply according to your filesystem organization.
My preferred organizational structure involves:
index.php and all other php pages in the root ("/")
/includes/ (directory for included template items like header, footer, analytics code, etc... anything frequently reused)
/includes/classes/ (for php classes)
/images/ (self explanitory; I also use several directories inside this based on the most sensible organization of my images)
/style/ (for css, with a "/style/fonts/" directory for font files)
/scripts/ (for js or similar)
/support/ (for any setup files I might be utilizing)
I am attempting to create a website utilizing PHP as the driving power behind the gears. The idea behind the site (generally) requires that each user be presented with the option of creating their own profile (currently considering creating a directory for each user).
I have been doing considerable research in order to set this application up in the best means possible. But I am suffering from extreme confusion when it comes to creating the directory structure. I am considering downloading a framework assistant (CodeIgniter) which might assist me in the venture, but I'd rather get the opinions of others first.
Currently I have all of my files and content within my public_html folder, and I am aware that this is not the ideal set-up. But I'm not sure how to go about creating an alternative structure. I do not know where to store the various templates (header.php, footer.php, etc) and how/where to call them.
I want to create pages to list the "About", "Contact Page", and other content, but do not know where these pages should be located? Do I save the content of these pages within the public_html directory and simply include the templates from the various subfolders?
Concerning a config.php file: I am attempting to have all of the necessary information pertaining to MySQL connections within a single file, as well as other necessary information to be included at the beginning of EACH page within the site.
Thoughts? I'm fairly new to the cloud, and so simple and basic responses would be greatly appreciated!
You're thinking of this wrong. You don't need a directory for each user. You can use GET params to have one script (profile.php, for example) pull the appropriate profile for a user dependent on data passed to it. For example, profile.php?userid=5212 would pull the profile for user 5212 ($_GET['userid'] would contain the user's id in this case). Passing nothing could easily default to pulling the profile for the currently logged in user.
You could also use mod_rewrite so that http://www.yoursitehere.com/profile/5212/ could do the same thing (look into routes in most PHP frameworks)
Your directory structure should suit you. If the site is simple enough you could get away with something simple like just
public_html/
css/
includes/
images/
js/
Your database configuration could live in public_html/includes/ and you could include it on any page requiring a database connection. Your about and contact pages can be actual files located in public_html/ to keep things simple. Again, these are just suggestions. Your directory structure should be whatever you need it to be.
Store everything in a structure that makes sense to you. Something like this should work:
public_html
-Includes
-images
-css
-blog
And so on...
regarding the config file, you can store in in the public_html directory, or in the includes directory
You might consider using a PHP Web Framework like Symfony. It will help with a lot of the basics so that you can concentrate on the Product features.
For the user profile, Store all there information in a database with user id as a field.
When the user logs on, run a query to select all the information by querying against there user id.
As for file structure, you could use:
public html
includes
header.html
footer.html
config.php
classes
pages (stores other pages besides index.php here, contact, about etc.)
css
JS
index.php/html
and outside of the public_html folder I have my mysqli.php file.
To include these header files in your index.php file you would simply create (in your includes folder or wherever you choose) a config.php file with something like the following :
require_once($server['document_root']."/classes/filename.php"); // include needed files and mysqli connection here as well
You could also set a custom error handler in the config file as well if required.
In your index.php file you would then call the config file (which would automatically include any files you specified in the config file as well) and your header and footer i.e
include('/includes/header.html');
include('/includes/config.php');
<!--ENTER PAGE CONTENT HERE-->
include('/includes/footer.html');
On my local setup I have a load of different CakePHP websites. I'm using a Mac so the folder structure is something like ~/Users/cameron/Sites/sample-website and then within each of these websites I will have the typical Cake folder and App folder.
What I would like to do is have just a core cake folder and then have ALL the sites pull from that one cake core so I don't have the same stuff several times over. I have been reading some tutorials on the web: http://rickguyer.com/cakephp-one-core-many-apps/
So I have my cake folder here: ~/Users/cameron/Sites/cake-1.3/ and then my site here: ~/Users/cameron/Sites/sample-site/ and in this folder I have the usual app folder and htaccess to tell it where to find webroot etc.
Now I have edited the index.php file inside webroot like the tutorial BUT have only changed one line because I haven't moved my files OUTSIDE of the App folder like he does. So the only like I have changed is as follows:
if (!defined('CAKE_CORE_INCLUDE_PATH'))
{
define('CAKE_CORE_INCLUDE_PATH', '..'.DS.'..'.DS.'cake-1.3');
}
As far as I can tell that is correctly looking two directories up and finding a folder called cake-1.3 however it just gives a error 500?
Any ideas what the problem is? Thanks
EDIT:
Even doing this doesn't work???
Which If I echo: echo CAKE_CORE_INCLUDE_PATH; gives /Users/cameron/Sites/cake-1.3 and if I paste that in the address bar it loads up the cake folder so it's definitely the correct folder structure JUST it doesn't like looking at cake outside of the main url?
if (!defined('CAKE_CORE_INCLUDE_PATH'))
{
define('CAKE_CORE_INCLUDE_PATH', DS.'Users'.DS.'cameron'.DS.'Sites'.DS.'cake-1.3'); echo CAKE_CORE_INCLUDE_PATH;
}
You are right on the money with:
define('CAKE_CORE_INCLUDE_PATH', DS.'Users'.DS.'cameron'.DS.'Sites'.DS.'cake-1.3');
Just make sure that Users sits in root. In other words, when you go to terminal you can get to this directory by typing: cd /Users/cameron/Sites/cake-1.3
It looks like you may be on a MAC. If so, your linking is correct. Most of the time what I find is you have done a copy paste of the app directory and it does not get the .htaccess files. I would check those first. But here is a comprehensive list of what you should verify:
Make sure the host is pointing to
the correct directory
(/Users/cameron/Sites/sample-site/)
Verify mod_rewrite is in fact on.
Verify you have copied the .htaccess
file in both the
/Users/cameron/Sites/sample-site/
and the
/Users/cameron/Sites/sample-site/webroot
directories.
Confirm that the
/Users/cameron/Sites/cake-1.3/
directory has a directory called
cake in it that contains the core.
Once all of this is confirmed, you will be good as gold!
Happy Coding!
UPDATE:
When the index.php file looks for the cake core, it will look for a directory inside the location you are pointing to for another directory called cake. So in your case:
define('CAKE_CORE_INCLUDE_PATH', DS.'Users'.DS.'cameron'.DS.'Sites'.DS.'cake-1.3');
You must have the cake directory inside /Users/cameron/Sites/cake-1.3. Your directory structure will look like:
/Users/cameron/Sites/cake-1.3/cake
/Users/cameron/Sites/cake-1.3/cake/libs
/Users/cameron/Sites/cake-1.3/cake/config
/Users/cameron/Sites/cake-1.3/cake/console
etc.
CakePHP 3.0+
In CakePHP 3.0+ this configuration is moved out of webroot/index.php to App/Config/paths.php
If you have access to your php.ini, you can add the path to Cake core there. Doing it this way means you don't have to change webroot/index.php at all. Example in php.ini:
include_path = ".:/usr/local/lib/php:/home/something/phpinc/cakephp2/lib"
According to the CakePHP 2.x docs, this is the recommended way to share the Cake core (assuming you have access to your php.ini).
You can have only one cake core but you must have one app folder (containing MVC) by site.
Is this a misunderstanding of the folder structure of CakePHP?
From the docs (CakePHP folder structure):
The app folder will be where you work your magic: it’s where your application’s files will be placed.
The cake folder is where we’ve worked our magic. Make a personal commitment not to edit files in this folder. We can’t help you if you’ve modified the core.
So the cake folder shouldn't change between all of your uses, therefore you have 1 copy. You can always change some of the functionality of the core by making your own changes in the app folder i.e. extending.
There is no need to edit index.php.
Just put an alias (or link in UNIX) to your cake folder in each of your sites folder. Works perfectly. Same goes for plugins and vendors folder.
I'm trying to deploy an PHP application which is written with Zend Framework to a shared cPanel server.
There are not many tutorials available on this area online, however, I followed several of them. It is successful to run the test page which proves the zend framework is installed correctly.
However, since cPanel server has a default root directory called public_html/, it is impossible to simply rename it to the Zend Server's default public/.
As a result, I had two options in mind: (Say the project name is AAA)
1) upload my projects under the /public_html/ directory, then the project will be like /public_html/AAA/public, and etc.
However, this one simply fails to work.
My thought would be something wrong here with the baseUrl setting, however, no matter I comment ( which is to remove the baseUrl) or set to the root page, ( in this case /public_html/AAA) both failed.
2) I tried to follow the way listed in this article: http://blog.motane.lu/2009/11/24/zend-framework-and-web-hosting-services/. Still failed.
Can anyone suggest how to do it?
Really appreciate your help!
Just symlink it:
ln -s public public_html
then this structure will work:
htdocs/
myvhost.com/
public/
application/
library/
public_html # this is actually a symlink pointing to public
Whatever you do, dont just throw everything in the publicly accessible area... its just bad form :-)
I don't think ZF cares what you name your "public" directory. It's just the convention that's typically used.
I can't think of any ZF component or common use case where anything explicitly points at "public/...".
A project structure like this should work:
myproject/
application/
library/
public_html/ # this used to be public until you renamed it.
In a Zend Framework 1.10 application, I have a controller UsersController in a module api and in the index view of that controller I would like to reference a static asset (like a javascript file). How can I do that without putting the file in the main public?
so, we have a directory setup like this:
zfproj/
../application/modules/api/controllers/UserController.php
../application/modules/api/views/scripts/users/index.phtml
../application/modules/api/public/javascript/apimodule.js
../application/controllers/
../application/views/
../public/
I want to be able to include the apimodule.js in a view (in this case the users/index view). Ideally, this would able to be done without adding anything into zfproj/public
The intention behind this is to create a module that can be deployed into a ZF 1.10 application that is completely self-contained and does not require adding assets (like Javascript files) into the applications existing public/javascript files.
Typically all your publicly accessible assets go in public. It's meant to be the web root of your application and typically you set the DOCUMENT_ROOT of your apache virtual host to this folder. I'm not sure why you'd want to store client files (javascript, css, etc) outside the webroot. Can you elaborate more on your directory/application structure (maybe hinting at the location of the file you want to include)?
Edit
What you're asking should be possible. To make a standalone module, I think you'd just move "api" inside the primary public folder and the module would have its own bootstrap or you'd have to do something in your primary bootstrap based on the module name ("api" in this case). You'd have to modify your include paths accordingly. You'd need to add an .htaccess file to protect your code directories in this case.
../application/controllers
../public/api/controllers
../public/api/javascript/apimodule.js
../public/api/index.php
You might also create a symlink in your public folder that points to the public folder of api. So,
../public/api > ../application/modules/api/public
This would allow access to public but protect your code files. One thing I often do is check out subversion external into the public folder that just points to the public folder of the module. My CMS looks like this:
application/modules/cms
application/modules/cms/ui (public facing cms UI)
public/ui (svn:external pointing to application/modules/cms/ui)
HTH give you some ideas.