I'm working on small project, and will host it on normal Godaddy host plan, the problem is: all file system will be accessible through internet.
so, how can I prevent access to any folder or file except /public
CONTRIBUTING.md
app/
artisan
bootstrap/
composer.json
composer.lock
phpunit.xml
public/
server.php
vendor/
thanks,
Why not split the project up? Upload the contents of public to your document root and the rest somewhere else (like your home directory). Then just modify the two paths in the public/index.php file to point to the right locations, eg
$path = __DIR__ . '/../my-app';
require $path . '/bootstrap/autoload.php';
$app = require_once $path . '/bootstrap/start.php';
If you point your apache site document root to /public, there is no way people can access any other file in your application outside your public. Even if they try to do things like:
http://yoursite.com/../
EDIT:
This is not something you should rely on a framework to do, securing directories on your site is the web server job, so you need to find a solution on your server: virtual host, document root, web root, domain directory or even .htaccess configuration.
In some shared hosting companies you can do that easily, some have cPanel or Plesk, but other, like Hostgator, will give you just enough configuration so you can change your directory root to /public. Looks like GoDaddy doesn't help much if you don't have a cPanel account, but, still, there are tricks to help you doing it the way you should be doing: http://support.godaddy.com/help/article/4067/setting-up-a-non-web-accessible-root-folder. Probably there are others around.
Related
I'm using a new server host and $_SERVER["DOCUMENT_ROOT"] is not working because returns a different path than the real one.
Example, I added includes/inc.php to the public_html folder on the server and used this code:
include_once($_SERVER["DOCUMENT_ROOT"] . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . 'inc.php');
This is the result:
Warning: include_once(/var/www/html/includes/inc.php): failed to open stream: No such file or directory in /home/tom_server/public_html/index.php on line 4
$_SERVER["DOCUMENT_ROOT"] is returning something unexpected. If I use dirname(__FILE__) it returns the right path:
/home/tom_server/public_html/includes/inc.php
But dirname(__FILE__) is not a useful solution as I need main root folder for relative paths. Is this a server configuration issue?
/home/<username>/public_html is the default user's web content directory used by apache if this feature is enabled.
When activated, the usual intended use of such personal directories is to store some static pages (cv, personal page in the company/institution...) and small dev/tests for easy access without having to configure anything. I used them a lot for students when I worked in a university a very long while ago so they could store and share their assignments.
When this feature is enabled, the pages in personal directories are served by the default webserver/virtual host, for which the document root is configured to /var/www/html by default on most linux distributions.
If you want to have a document root starting at the root of your php application, you can:
Fast and easy but ugly: move your application files to /var/www/html
Single user/app solution: modify the default webserver to point to your app (in place or in a new folder).
Prefered: use a dedicated folder for your app and configure a new Virtual Host in apache
If you do not have access to your server configuration and can only publish your files in your current user web directory, well... I have a bad news: you will not be able to use DOCUMENT_ROOT anymore in this context.
Details for configuring apache are beyond the scope of your question and probably belong to an other stackexchange site.
how can i know where is my web root folder ?
and how to put folders out of web root folder?
and how to test that they are not accessible from outside ?
the structure of my hosting is like this:
www.website.com :
public_html/
includes /
logs/
...
is it enough to protect includes folder and logs folder with htaccess? and are they out of web root in this case?
i know that $server[document root] provide the root of my website , but i am confused about how to put files out of it , any help would be welcome , thanks for all
All your files are currently in the public web root folder.
The 'inside' of your root is your publichtml/. Everything you place in there will be publicly accessible.
The name of your root can vary from host to host, often public_html or httpdocs.
The 'outside' is one directory up. But remember some hosts do not give enough permissions.
You cannot test documents outside your root, because they are not accessible. Only something like PHP can access those files. That's why you do not place your img/JS/CSS files outside the root cause they need direct access.
You can however serve them through your PHP.
I've a social network that I'm building a mobile site for. It's pretty much finished although I'm struggling to mkdir when a user creates an account on the mobile site in the overall host root. Is it possible?
I tried this:
mkdir("http://www.domain.com/image/".$mid, 0777);
mkdir("http://www.domain.com/image/".$mid."/temp", 0777);
mkdir("http://www.domain.com/image/".$mid."/preview", 0777);
umask($oldumask);
copy('http://www.domain.com/images/default.png', 'http://www.domain.com/image/'.$mid.'/default.png');
copy('http://www.domain.com/images/default.png', 'http://www.domain.com/image/'.$mid.'/thumb-default.png');
But unsurprisingly it didn't work. How can I go back to the host root of the site, not the domain root? Is it possible? Any suggestions?
See the DIR layout example here:
Echo __DIR__ (dirname(__FILE__) for PHP below 5.3) in your index.php (or any other file that covers its base). It should return the full path from the server root to index.php. mkdir needs the server root, not the browser root.
I have a development server at dev.mysite.com and I am working with coda and git to make commits and pushes to the repo which has a developmenet branch that points to my dev domain.
The file structure as of right now is this. As of right now does anyone see anything that I should reconsider changing. I'm asking this because of having a public_html inside the dev folder or what. With this setup currently when I load dev.mysite.com it shows the index of / which shows .gitignore, .git, and public_html.
../
/dev
/mysite.com
.git
.gitignore
/application
/public_html
/assets
index.php
/system
/mysecondsite.com
/application
/public_html
/assets
/index.php
/system
/sites
/mysecondsite.com
/application
/system
index.php
Does anybody have any ideas?
If you want to have a development environment and a production environment. While having the core files for CI outside of a public_html. You have to redefine your document root. I assume you are using a server the comes with cPanel as your means of administration for your server.
So that said, you go into your cpanel and where you defined your dev subdomain, you should be able to edit the document root folder. So on the server in your dev folder you will add a public_html like I gather you already have from the example above. And with your current folder settings for dev you add /public_html to the string that is the folder path now.
Once you do that allow a minute or two for it to delegate to the server from cPanel. And move your folders around as you see fit.
From there, you find the root index.php and open that up, find the references for your application folder and your system folder and change them to match the paths they should be looking for now. Likely using relative paths.. ie: ../../applications for example. Save your index.php
Assuming you have done everything in general correct your copy of CI should load correctly as it did when you didnt have everything in the folders split up like you want..
I have a little problem: I began a project as a subdirectory in a larger web project. Thus the web file path is something like /../myProject. But things have progressed and I've realized that this should be its own project. However, I'd like to be able to keep it where it (as a sub-directory) also make it a sub-domain wherein myProject becomes the root. (There is also the possibility that my project will be mirrored at a library site, where it will once be in a sub-directory).
The problem I having with all this is that in some cases I have html_partial files, (for instance for the header or footer). But the relative path of these partials differs depending on where you are in the file tree. I originally solved this by always going back to the root.
But now, you see, depending on where my project lives, the root will be different. What I'd like to do is declare myProject as the "application root" and then be able to use relative paths based on this application root rather the than the web root'. This way, all of the relative paths within 'myProject' will work no matter wheremyProject` lives in the web path.
Does PHP have a way to declare something like an Application Root if so, can you explain it me or direct me to its documentation. Thanks!
You could simply have a PHP file in your application root directory which would define the directory it is in as the application root. The file could be as simple as this:
<?php
define('APPLICATION_ROOT', __DIR__);
?>
You could then include this file as needed and base all of your file paths off of APPLICATION_ROOT. Note that APPLICATION_ROOT would not have a trailing slash as defined here (unless your file happened to be on in the machines root directory, which is unlikely).
I usually do something lile this in the front controller:
define('APPLICATION_PATH', realpath(__DIR__));
Then you can do things like:
set_include_path(APPLICATION_PATH . '/include');
Or:
$fp = fopen(APPLICATION_PATH . '/path/to/some/file', 'r');
If your app doesn't make use of a front controller, you could define an environment variable in your vhost config or .htaccess:
SetEnv APPLICATION_PATH /full/path/to/my/app
And then use:
getenv('APPLICATION_PATH')