I'm currently developing an android application. The backend is written in PHP and takes input from the android app and connects it with a MySQL database (similar to http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/).
One of my class files (similar to the UserFunctions.java in the above link) requires the url to be given e.g. private static String loginURL = "http://10.0.2.2/android_api/index.php" so that the requisite communcation can take place. My issue is that all my PHP files are in a folder under \www e.g. \www\blah\. I'm fairly sure that I have put my PHP files in the wrong place as the link (Point 2 of http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/) shows some files being placed in \include\ and the index.php file outside this \include\ directory.
Where should I be placing my PHP files so that my file structure enables my app to communicate with the MySQL database (defined for example as android_api as in the link).
If you are using wamp it may be in C:/wamp/www/android_api. www is the web root directory. If you call http://10.0.2.2/android_api/index.php, webserver will look the file index.php in the path C:/wamp/www/android_api
I'm fairly certain all of your application's php files should be in www.
I'm not currently developing in Java so you may need to fiddle with what I tell you but the way I access mysql from an external application is this:
Connect to database and perform query within the php file. Then echo the results (JSON encode if necessary)
Then in the external application, simply use the path to the php file:
eg. "http://localhost/your_script.php"
This will be your php file if it is in the root of www
Notice that you do not specify www in the path.
Related
So I was wondering about requirements regarding File-Setup to an online Server, as I'm actually using a Localhost.
Document Root: I use the $_SERVER['DOCUMENT_ROOT'] / http / folder / file.php to navigate to all my files:
if I change to a Server, I do not have to make any changes regarding the path?
file privancy: Mostly, I use classes & methods in those files.
If I upload all Files to the Server, does a user have access to them (eg. typing url/folder/file) & isit possible to process/access them somehow as external user?
How to provent this the most easy way? (I heard about .htaccess, or using Server-rootfolder), but there is a simple php code to check if its a linked file?
There are any other very important remarks regarding FILE setup from localhost to public Server? So, user are not able access sensitive data from Files (eg. DB Connection, datahandling, etc.)
Thank you very much for your help :)
I have a local version of Windows php to test my webpage. I run it using php.exe. It has a built-in webserver so pages can be accessed from a browser through localhost:/path.
If I enter an URL pointing to a file it opens that file in browser. I would like to configure it so that it shows the content of a directory if URL points to a directory. E.g. after inserting URL http://localhost:1234/foo/bar/ into the browser I would want to see the files in the bar directory listed in the browser. Similarly how other webservers do it when configured so.
My local PHP returns 404 instead.
Is there any way how to achieve that for this built-in webserver in php.exe? How?
The built-in server is specifically for quick development and debugging as stated in the command line server doc and directory listing is one of the features is lacks. This answer provides an example for building yours though.
I have been reading about where to securely save a PHP file that has my mysql database connection password. I understand from the forums that it should be saved in a folder above the webroot. I have a cloud server from a hosting company.I have access to root
The path to the public files is as follows:-
/var/www/vhosts/mydomain.co.uk/httpdocs/afile.php
Say I have a PHP file (containing my password) called sqlpassfile.php
Would the following be okay as a place to securely store it? ie in a new folder called Newfolder after vhosts??
/var/www/vhosts/NEWFOLDER/sqlpassfile.php
Sorry for a simple question but just want to make sure its secure
Thanks
All the nowadays PHP framework you will find do, indeed store their whole code base in a level under the web root.
They do not only store informations like credentials actually, they do store all the business logic of the application outside of the web root. They will then only allow a facade file to be accessed (most of the time a index.php or app.php) that will, then, with the help of controllers, handle every request and route you to the right page/content, and, of course, all the static content the site will use (your design images, your css, your js, ...).
For example :
Zend Framework does use a public folder where you will find an index.php and all the static files
Symfony does use a web folder where you will find two files app.php and app_dev.php and again all of the static files
So in your case you could do
/var/www/vhosts/example.com/httpdocs/ is the web root of your server
/var/www/vhosts/example.com/app/ store all the php code you need
/var/www/vhosts/example.com/app/config store all your configuration file, and then maybe your credentials files which you can call sql_config.php
/var/www/vhosts/example.com/httpdocs/afile.php will require_once '../app/config/sql_config.php
Usually, People just save the database connection information in a regular PHP file, for example, Wordpress saves the connection info in it's wp-config.php. Simply because nobody is able to see your password by visiting that php page, nothing is returned.
To make it more secure, you can disable access to php file while mod_php stopped working. Try this in you .htaccess
<IfModule !mod_php5.c>
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
</IfModule>
Please also have a look at this post:
Password in file .php
Whether your method is safe depends on the configuration of the server, something that providers are not often very good at documenting.
Your first line of defence is keeping what is essentially confutation data inside a file named with a .php extension. So if it is accessible from a browser the webserver will execute the file rather than returning the data. You certainly want at least 2 levels of security on your data (each of which you have tested independently).
Considering the path you have chosen, /var/www/vhosts/NEWFOLDER/sqlpassfile.php what happens if you request http://NEWFOLDER/sqlpassfile.php from the server? (In most cases, nothing but once in while....) Generally its better practice to keep it well clear of the directories your webserver uses.
I am working on an AJAX post from which needs to send data to a php file. This file is ONE located level above the domain root.
If my domain root is /root_general/root_domain/
The file php backend file is in /root_general/
I am trying to achieve this by using the dirname($_SERVER['DOCUMENT_ROOT']) url. But AJAX won't load the file, it tells me that the file wasn't found on this server. I am using Apache2 on Ubuntu and working with all permissions enabled.
How can I do it in other way? I need to put the file outside because it is supposed to be used by many different domains, and I think it wouldn't be clean to paste the same file inside every single domain root.
Edit: some code
When calling the file it's this way:
http[act].open('post',url,true);
You can't use AJAX to access files on the server. You can use it only to access URLs. So what you need to do is point an URL to that file you want to access. You can give it own domain, you can copy it a few times or you can have symlinks point to it.
So, i'm a total noob with codeigniter but i'm getting by.
I have a domain name on iPage. Currently, I am using codeigniter w/ my codeigniter project inside htdocs which is inside XAMPP. Everything is working great on localhost, but I am totally lost on where to start concerning how to put my project onto my web hosts server.
There is not much to it.
The following part, does not really belong here, but I guess I like to start from the beginning.
You need a domain name and hosting space(with a php server ofcourse).
The hosting provider will provide you with ftp access and a control
panel to access your files. You need to add nameservers to your
domain name to associated it with your hosting space.
www.yourdomain.com/ will point to your hosted files. (This might take a couple of days to take effect).
To answer your question:
Now, you can simply upload the contents of your project to your home
directory on the hosting server. You can organize it the way you want
with subfolders etc. You'll also need to make server specific changes
like mentioned here
You might also need to check if any php libraries need to be enabled on your server.
CodeIgniter is installed in four steps:
Unzip the package.
Upload the CodeIgniter folders and files to your server. Normally the index.php file will be at your root.
Open the application/config/config.php file with a text editor and set your base URL. If you intend to use encryption or sessions, set your encryption key.
If you intend to use a database, open the application/config/database.php file with a text editor and set your database settings.
If you wish to increase security by hiding the location of your CodeIgniter files you can rename the system and application folders to something more private. If you do rename them, you must open your main index.php file and set the $system_path and $application_folder variables at the top of the file with the new name you’ve chosen.
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn’t abide by the .htaccess.
If you would like to keep your views public it is also possible to move the views folder out of your application folder.
After moving them, open your main index.php file and set the $system_path, $application_folder and $view_folder variables, preferably with a full path, e.g. ‘/www/MyUser/system’.
Reference: https://www.tmdhosting.com/codeigniter-hosting.html