This question already has answers here:
unlink PHP works when file is in root, not if file is in folder
(2 answers)
Closed 5 years ago.
I have issues while trying to delete files in PHP, using unlink('filename').
I have tried with a complexe file and it didn't worked. I've been using relative paths as adviced on other post about this.
So i've made the simpliest script possible :
<?php
unlink("acs.gif");
?>
The script is located in the same folder as my asc.gif is, tho it still doesn't work.
I've got no fatal errors, and a warning when enabling error_reporting() and init_set(). But the file is still there.
I've tried to set the permissions to both my folder, my image and my script to 0777 but it didn't help.
I'm getting quite confused about what is happening.
Do you guys have any ideas ?
I recommend you to use absulte filepaths. In case you want to delete a file which is in the same directory of the called script, poleteaw answer should work (besides the missing / in the path):
unlink(__DIR__ . '/' . $filename);
Nevertheless take look of php's directory function realpath() and the predefined constants.
So what if you want to delete a file which is not inside your directory:
You can use the realpath() method to generate an absolute path out of a relative path. So realpath('/one/two/three/../..') results in '/one' - or for your case you can do something like realpath(__DIR__ . '/../../') to get into the root directory of you project.
The recommended way is to use a variable which holds the absolute path to the directory where you want to store and administrate your files like $filesDir = '/path/to/my/files'. With this approach you have two wins: your users files do not reside in your php project files and you have a way much better overview of which files are uploaded/administrated.
You shouldn't use relative path to file. If it lies in the same folder as a PHP script, use unlink(__DIR__ . '/' . $filename);. In other cases set a full path to unlink.
This question already has answers here:
What is double dot(..) and single dot(.) in Linux?
(4 answers)
Closed 5 years ago.
I always use require('dbc.php'); to include file but what is the difference when I prefix 2 dots ../ as below, is there is any extra security.
require('../dbc.php');
require('../lib/bootstrap.php');
require_once '../../../conf/config.php';
If you do
../../
You've gone back two directory
../
You've gone back one directory
This basically going out the current directory the file u are working on is in. It depends on the location of the db file relative to the file that needs it. It has nothing to do with security.
The . gives you the ability to set the path of the included files relatively to the path of the original file that run (the file that included them). The ./ indicates the current directory. So if including a file like such:
require('./config.php')
You are telling PHP to look in the current directory for "config.php". Which is the same as
require('config.php')
The ../ indicates the directory above or "parent directory"
require('../dbc.php');
This is telling PHP to go one directory up and look for "dbc.php".
These commands can be chained like so:
require('../lib/bootstrap.php');
require_once '../../../conf/config.php';
The dots simply are used to traverse the directory structure. What is double dot(..) and single dot(.) in Linux?, though you should avoid using relative paths and use absolute paths. Absolute vs. relative paths.
Security:
In its self, it introduces no security benefits, except if you get it wrong your app won't work at all!
It does add some protection against code disclosure if PHP fails to parse. This applies ONLY if you store your main code outside of the webroot, though I have never encountered or seen this issue spontaneously happen, though it possibly could. Storing script files outside web root.
This question already has answers here:
Get relative path to a parent directory
(2 answers)
Closed 8 years ago.
So I have this sort of file set up. /cloud/ and /embed/ being two different subdomains.
www
-cloud
--config.php
--files
---formSubmit.php
-embed
--index.php
in /embed/index.php I have the following code:
include("/www/cloud/files/formSubmit.php");
in /cloud/files/formSubmit.php I have the following code:
include("../config.php");
If I am on cloud.website.com and I go to the formSubmit.php, everything works fine and the config file is included.
However, If I am on embed.website.com and I go to the index.php, I get an error saying that config.php was not found.
Does anyone know what do I need to do to include my formSubmit.php from either location and have my config.php included?
In this case, it seems your usage of relative paths is working and absolute paths are not. Whether that means the absolute path of /www/cloud/files/ is incorrect or not, I do not know. In my code, I tend to try to reference files relatively as much as possible like so:
// In embed/index.php
include_once dirname(dirname(__FILE__)) . '/cloud/files/formSubmit.php';
What that does is get the directory of the currently executing file and then it's parent directory, which would be www, and then goes back down the path from there to the file I need.
Subdomains should not make a difference when accessing files server side (as long as the files are hosted on the same server).
I wrote the PHP code for my website almost 9 years ago. I have a config file called common.php. Each page in my site requires this page to access the site's constants, classes and variables.
I develop on a local machine and then upload files to a live site. The code I have used on my pages to call common.php is:
$main = ($_SERVER['HTTP_HOST'] == 'localhost')? "E:\-=Web=-\-=Sites=-\mysite\main\common.php" :"/home/mysite/public_html/main/common.php";
require_once($main);
This has worked fine and has never given me any issues.
However, I figure I could instead just use:
require_once($_SERVER["DOCUMENT_ROOT"]."/main/common.php")
This would make my code more compact and it also means I do not have to have my development site files always in E://
So my question is, is it good practice to use $_SERVER["DOCUMENT_ROOT"]?
Is this what most developers would do if wishing to call the config file on each page?
The most common and reliable way is to define a constant that contains the path to your code either in your index.php file, or a config.php file which is included from the same directory or a known relative path and reference that:
if (!defined('APP_DIR')) define('APP_DIR', __DIR__); // set the app directory to that of the currently executing file
Your require line for other files then becomes this
require_once(APP_DIR . '/main/common.php');
Now, you can guarantee that this constant will contain what you expect it to. Assuming you've set it right, that is. ;)
In HTML, I can find a file starting from the web server's root folder by beginning the filepath with "/". Like:
/images/some_image.jpg
I can put that path in any file in any subdirectory, and it will point to the right image.
With PHP, I tried something similar:
include("/includes/header.php");
...but that doesn't work.
I think that that this page is saying that I can set include_path once and after that, it will be assumed. But I don't quite get the syntax. Both examples start with a period, and it says:
Using a . in the include path allows for relative includes as it means the current directory.
Relative includes are exactly what I don't want.
How do I make sure that all my includes point to the root/includes folder? (Bonus: what if I want to place that folder outside the public directory?)
Clarification
My development files are currently being served by XAMPP/Apache. Does that affect the absolute path? (I'm not sure yet what the production server will be.)
Update
I don't know what my problem was here. The include_path thing I referenced above was exactly what I was looking for, and the syntax isn't really confusing. I just tried it and it works great.
One thing that occurs to me is that some people may have thought that "/some/path" was an "absolute path" because they assumed the OS was Linux. This server is Windows, so an absolute path would have to start with the drive name.
Anyway, problem solved! :)
What I do is put a config.php file in my root directory. This file is included by all PHP files in my project. In that config.php file, I then do the following;
define( 'ROOT_DIR', dirname(__FILE__) );
Then in all files, I know what the root of my project is and can do stuff like this
require_once( ROOT_DIR.'/include/functions.php' );
Sorry, no bonus points for getting outside of the public directory ;) This also has the unfortunate side affect that you still need a relative path for finding config.php, but it makes the rest of your includes much easier.
One strategy
I don't know if this is the best way, but it has worked for me.
$root = $_SERVER['DOCUMENT_ROOT'];
include($root."/path/to/file.php");
The include_path setting works like $PATH in unix (there is a similar setting in Windows too).It contains multiple directory names, seperated by colons (:). When you include or require a file, these directories are searched in order, until a match is found or all directories are searched.
So, to make sure that your application always includes from your path if the file exists there, simply put your include dir first in the list of directories.
ini_set("include_path", "/your_include_path:".ini_get("include_path"));
This way, your include directory is searched first, and then the original search path (by default the current directory, and then PEAR). If you have no problem modifying include_path, then this is the solution for you.
There is nothing in include/require that prohibits you from using absolute an path.
so your example
include('/includes/header.php');
should work just fine. Assuming the path and file are corect and have the correct permissions set.
(and thereby allow you to include whatever file you like, in- or outside your document root)
This behaviour is however considered to be a possible security risk. Therefore, the system administrator can set the open_basedir directive.
This directive configures where you can include/require your files from and it might just be your problem.
Some control panels (plesk for example) set this directive to be the same as the document root by default.
as for the '.' syntax:
/home/username/public_html <- absolute path
public_html <- relative path
./public_html <- same as the path above
../username/public_html <- another relative path
However, I usually use a slightly different option:
require_once(__DIR__ . '/Factories/ViewFactory.php');
With this edition, you specify an absolute path, relative to the file that contains the require_once() statement.
Another option is to create a file in the $_SERVER['DOCUMENT_ROOT'] directory with the definition of your absolute path.
For example, if your $_SERVER['DOCUMENT_ROOT'] directory is
C:\wamp\www\
create a file (i.e. my_paths.php) containing this
<?php if(!defined('MY_ABS_PATH')) define('MY_ABS_PATH',$_SERVER['DOCUMENT_ROOT'].'MyProyect/')
Now you only need to include in every file inside your MyProyect folder this file (my_paths.php), so you can user MY_ABS_PATH as an absolute path for MyProject.
Not directly answering your question but something to remember:
When using includes with allow_url_include on in your ini beware that, when accessing sessions from included files, if from a script you include one file using an absolute file reference and then include a second file from on your local server using a url file reference that they have different variable scope and the same session will not be seen from both included files. The original session won't be seen from the url included file.
from: http://us2.php.net/manual/en/function.include.php#84052
hey all...i had a similar problem with my cms system.
i needed a hard path for some security aspects.
think the best way is like rob wrote. for quick an dirty coding
think this works also..:-)
<?php
$path = getcwd();
$myfile = "/test.inc.php";
/*
getcwd () points to:
/usr/srv/apache/htdocs/myworkingdir (as example)
echo ($path.$myfile);
would return...
/usr/srv/apache/htdocs/myworkingdir/test.inc.php
access outside your working directory is not allowed.
*/
includ_once ($path.$myfile);
//some code
?>
nice day
strtok
I follow Wordpress's example on this one. I go and define a root path, normally the document root, and then go define a bunch of other path's along with that (one for each of my class dirs. IE: database, users, html, etc). Often I will define the root path manually instead of relying on a server variable.
Example
if($_SERVER['SERVERNAME'] == "localhost")
{
define("ABS_PATH", "/path/to/upper/most/directory"); // Manual
}
else
{
define("ABS_PATH, dirname(__FILE__));
// This defines the path as the directory of the containing file, normally a config.php
}
// define other paths...
include(ABS_PATH."/mystuff.php");
Thanks - this is one of 2 links that com up if you google for php apache windows absolute path.
As a newbie to intermed PHP developer I didnt understand why absolute paths on apache windopws systems would be c:\xampp\htdocs (apache document root - XAMPP default) instead of /
thus if in http//localhost/myapp/subfolder1/subfolder2/myfile.php I wanted to include a file from http//localhost/myapp
I would need to specify it as:
include("c:\xampp\htdocs\myapp\includeme.php")
or
include("../../includeme.php")
AND NOT
include("/myapp/includeme.php")
I've come up with a single line of code to set at top of my every php script as to compensate:
<?php if(!$root) for($i=count(explode("/",$_SERVER["PHP_SELF"]));$i>2;$i--) $root .= "../"; ?>
By this building $root to bee "../" steps up in hierarchy from wherever the file is placed.
Whenever I want to include with an absolut path the line will be:
<?php include($root."some/include/directory/file.php"); ?>
I don't really like it, seems as an awkward way to solve it, but it seem to work whatever system php runs on and wherever the file is placed, making it system independent.
To reach files outside the web directory add some more ../ after $root, e.g. $root."../external/file.txt".