How can I access files via a url that are placed in /home/uzair/etc/index.php? Even when I run domain (something.com) it shows me data of (/home/uzair/public_html/index.php) this file.
Anyone please help me that how can I access that placed in (/home/uzair/etc/index.php) on my domain (something.com)
home
uzair
etc
index.php
public_html
admin
index.php
It sounds like you are in something.com which is visible to you on the web so it is located inside of public_html but you want to include a file that is higher up in the file system.
If that is what you are looking to do, use:
include("../etc/index.php");
The .. tells the server that you want to access the files in the next level up.
If you did:
include("../../uzair/etc/index.php");
That would have taken you all the way up to home and from there you would have access to many more files if you wanted to.
Files outside of public_html are protected from being seen on the web. Many people use that feature as a security to their content. If you have a file on there that you want to show contents of though, you have to use the include('file.php'); or include_once('file.php'); or even require_once('file.php') in a public ally visible file. Aka a file you have in public_html has to be the one to call the higher up file. If I am understanding your question right, that is how it is supposed to be done. Let me know if that is answering your question or not:-)
How you can run files not in public_html?
Files outside of public_html are protected from being seen on the web. Many people use that feature as a security to their content. If you have a file on there that you want to show contents of though, you have to use the include('file.php'); or include_once('file.php'); or even require_once('file.php') in a public ally visible file. Aka a file you have in public_html has to be the one to call the higher up file. If I am understanding your question right, that is how it is supposed to be done.
Related
I need some help.
I was reading the security recommendations of my hosting service and they say that ideally just put the
index file and files like css, js and img inside my root folder, and that all other files should be placed
off, that is, a level above.
I tried doing this in my tests, and I had some problems. The structure of the hosting folders is:
/
/htdocs
Inside /htdocs I put the index.php file and when accessing it through the url exemple.com/index.php works normally.
But putting other test files out of htdocs is what starts the problem. For example, if I have a file called contact.php
and I try to access it through the url exemple.com/contact.php I get the 404 error message.
So the question I have to ask is:
Is it possible to access url files that are outside of htdocs, or better to put all the files that will be accessed by the url inside
of htdocs and leave only configuration files outside this folder, like class, functions, database connection, etc?
And if it is possible to access the files by url, how would I rewrite these urls in htaccess?
and that all other files should be placed off
Yes, this is good practice. However, you're misunderstanding the implementation.
You can not directly access files outside the document root. But you can indirectly access them. I.e., the web server can't see them, but your programming code can.
Ideally, your site would use the front controller pattern. Here, your index.php file would serve every page of your app by intercepting every request and then routing it to the correct end point. I.e., you would never directly request /contact.php, you'd instead request /contact, which would get funneled to /index.php, which would load the required resources from outside the doc root.
You see how facebook works, like if my profile is
www.facebook.com/myusername
then there is a specific index.php file and other lots of files that open when I open facebook.com/myusername.
Now I believe it is highly unlikely that Facebook copied the same files into each and every user's username directory.
How else would it work?
I'll be having many different users using the same application, i.e. the same set of files with minor changes in one or two files. Do I necessarily have to copy all the files into all the user directories each time?
I tried putting an index.php file in the subdirectory that contains this code:
<?php
require '../index.php';
?>
Now even though that runs the ../index.php file inside the subdirectory, but when the ../index.php file redirects to say another file named 'otherfile.php', then it gives a 404 not found error, because 'otherfile.php' is not present in the subdirectory, it is present in the parent directory.
How do I solve this problem?
This might be hard to explain but I am looking for the best method of having one or a group of config files so if I need to update something its a little easier to do.
I have wrote a PHP application that has a sub folder for the admin side off the root folder and includes folder that is sub folder off the root folder as well .(see below)
the include folder has database config files, loads common variables and so forth. the problem is the path for the admin files that call for the database connection are obviously different than the files in the root folder.
so I started this but now I wonder if there is a better method than the route I am going.
`if($adminfile=="yes")
{
require('../includes/database/connect.db.php');
}
else{
require('includes/database/connect.db.php');
}`
I would really appreciate some advice, should I scrap this idea and have 2 location for the config file? Part of me hates to include in all the standard code $adminfile="no" I keep thinking is there a better way.
How do others solve this problem?
Check the value of your include_path in php.ini or your local config (via .htaccess for apache is another way to do it. If you add the path to demo to the include_path setting, then:
include('includes/database/connect.db.php');
or
require_once('includes/database/connect.db.php');
Will work from any file or sub folder.
Another way to do this is to include a single bootstrap file that has all the settings (i.e. not just your database ones) in your scripts.
A better way to do this is to route all your requests through a Front Controller that does anythign setup/teardown you need on every request. See PHP Front Controllers
you can define a constant in every file ... which defines the root folder you have
define('root', 'demo/');
and do
require(root.'includes/database/connect.db.php');
and this will work fine with any file you want to require
In a way to secure my files from outside access, I am considering placing all the included files outside the public_html folder or the httpdocs folder.
However, this comment is saying that nothing should be kept outside of the public folder that handles user input data.
What is the best and most ideal practice for this? My thinking would be to have a .htaccess point route EVERYTHING to an index.php, and the index.php includes all the neccessary files such as database connections and whatever else, and also includes the .php file which would have the HTML and PHP inside it for the main body content of the page.
Can anyone tell me if there is anything wrong with that, and why?
However, this comment is saying that nothing should be kept outside of the public folder that handles user input data.
The comment uses the word direct. Includes are handling the data indirectly.
My thinking would be to have a .htaccess
Configuration is better handled in the main configuration file if possible. .htaccess marginally is less efficient (and scatters configuration across your webroot).
point route EVERYTHING to an index.php, and the index.php includes all the neccessary files such as database connections and whatever else, and also
The front controller pattern is a perfectly reasonable approach.
includes the .php file which would have the HTML and PHP inside it for the main body content of the page.
Simply including that can start to create a bit of a mess. I suggest investigating the MVC pattern.
The comment you are referring to says that nothing that handles input or output directly should be outside the document root.
On the other hand, it's perfectly fine to place library code outside the root. If you use index.php as a single entry point to your application, pretty much the only things that should be web-accessible in addition to that script would be your assets (css, js, images, etc).
I have a folder (folder_1) that is protected by htaccess/htpasswd files. Inside that folder is another folder (folder_2) that is protected by another couple of htaccess/htpasswd files.
When a php-script in folder_1 or folder_2 is called, the user has to authenticate herself using the correct username and password as specified in the respective htaccess/htpasswd files. This works as intended.
However, as soon as the php-script in folder_2 tries to refer to another script or a css-file that is located in folder_1, the user must enter username and password for folder_1 as well.
Is there a way to avoid this that does not involve copying scripts and css-files from folder_1 to folder_2?
Regards,
Ralf
Unfortunately not; as simply enough, any requests from a particular directory use the rules defined in its own htaccess/htpasswd files. However, I can recommend that you put support files in a tertiary folder, so that you don't have to have a copy in each folder (put css and js in a "folder 3" of sorts).
You can achieve this using access rights, see here under "Checking access rights" about half way down the page. The results is only one login required by a user.
http://www.htpasswdgenerator.com/apache/htaccess.html
I've spent a half day looking into this as it would be an ideal solution for my staging server.