I'm building a website that contains a considerable amount of object-oriented PHP code. To keep the code clean, each class is stored in a single file named [classname].class.php and require_once'd in the script file. Being a form evaluation script, it already has redirections based on the POST variable to prevent dummy execution and database errors.
How do I make it so anyone trying to access the .class.php files gets redirected to the related HTML page, but keep it usable by include and require?
you can either
put it outside the public_html folder
deny access/redirect using filename patterns in the .htaccess
build a small php code in (the top of every class file) that looks for a variable which is initialised in the index. If it's not there, redirect.
If you need further explanation on any of these, just ask.
Related
new-bee with this question.
so, enlightened ones, don't hastily down vote this question.
here's the explanation why this question arose:
in times when PHP engine doesn't start (because of any reason), our PHP code is shown as plain text.
to avoid this, before shifting to laravel, i used to keep code files in parent folder to "public_html" and include it where ever i wanted.
e.g.
my index.php is in:
public_html\index.php
inside this index file i write
include("..\code4index.php");
in this case if PHP engine fails, viewer will only see include("..\code4index.php"); as text
and as this "code4index.php" is out of the scope of website folder "public_html", it is not accessible.
now i am shifting to laravel.
what will happen if php doesn't start by some reason.
will my code be visible to all?
if yes, what must i do to avoid this?
if CodeIgniter provides this, i would give it a chance.
i want my code to be inaccessible in any circumstances.
what will happen if PHP doesn't start by some reason?
will my code be visible to all?
YES, it will be visible as normal text. and it will try to execute your index.php or root file of the application.
And you can't achieve this anyway.
I'm new to Joomla, but not a new programmer. I've written several applications in PHP that I want to include inside Joomla articles. Simple enough:
<?php include 'file.php'; ?>
The issue is that inside the PHP files I have a bunch of code gathering and creating variables that I need to POST and retrieve. I can get those POST variables inside the Article, but I can't pass them back to the included PHP file.
I've even coded the included PHP files to access the Joomla framework hoping to retrieve Joomla user id for example. This won't run inside the Article either and returns empty. However, if I run the PHP file on its own outside of the Article, I can access all POST data (obviously) and also the Joomla JFactory data. So it runs fine, until it's placed as an included file inside an Article.
The only way I've been able to pass something to the included PHP file is using $_GET url variables like this:
<?php include 'file.php?data=something'; ?>
However, this simply isn't practical as I have too many variables to pass like this. Normally, included PHP files run as part of the parent script and have access to all variables. How can I accomplish this in Joomla??
Much appreciated!
It is not recommended to include php into articles. Try instead one of these approaches:
Load your code in the index.php - file in your template: /templates/yourtemplate/index.php. This file is called every time your page is called.
Make a template override of the component where you want you external php file to be loaded. If this is in an article, you copy /components/com_content/views/article/tmpl/default.php (and possibly also other files there) to /templates/yourtemplate/html/com_content/article. Then add your include-statement here. (info) This file will be loaded each time you view a single article, but you can have further logic to only run it if (whatever)...
Use Jobin Jose's approach if you want to load you php-file inside content in an article. (info)
Some other approach writing a plugin
...or a component
I would say probably the easiest method is 2. (or 1.), but it all depends what you want to do.
Try this,
You have to create a simple module for your requirement, means what you are trying to achieve with included php file.
then place that module within the article with {loadposition module_position}
then you will get all the POST variables to that article and also suppose user_id and all other joomla Factory can be accessed bcoz its a Joomla module.
for a quick tutorial about module creation can be found here.
hope it make sense.
I resolved this using an Extension called Sourcerer
https://www.nonumber.nl/extensions/sourcerer
Variables can be passed without issue now.
Thanks for the input.
Why do not you try to create a new Joomla component and do whatever you want it it?
I am absolutely beginner in php/mysql but managed to do it with my page, following this instructions:
http://www.inmotionhosting.com/support/edu/joomla-3/create-component/helloworld
When you create this component, whatever you write in its "default.php" file, is actually a blank HTML/PHP page, with your joomla design and some other Joomla-features.
Sorry for the amateur answer and terminology :)
If I write an entire website in a single App class PHP file and include it in every page, then from each page, I call only the related functions and render the page (separate template files) from the App class.
Does PHP actually read the entire script or does it just try to search for only the functions being called? This is with regards to large apps, load times and bandwidth.
PHP reads, compiles, and executes the entire script. This is the only reliable way for it to know where all the functions begin and end.
Quoting the documentation:
"When a file is included, the code it contains inherits the variable scope of the line on which the include occurs. Any variables available at that line in the calling file will be available within the called file, from that point forward."
If you were to write the entire app in a single file and in a single class it would surely be parsed. PHP would otherwise not know the structure of your class. However, once parsed PHP can be set to store the parsed files so a complete re-parse does not have to be done next time.
As answer to the second part of your question. PHP parses the entire contents of included files. The only distinction is text outside of the tags which does not have to be tokenized etc.
I'm sure this is a quickie. I have a PHP application I'm working on, and I'm designing the form validation/processing; the file will be called via AJAX.
My question is: when I call the form validation .PHP file via AJAX, will it have access to my previously declared .PHP includes?
For example, if I have a class User already included on the page calling the AJAX file, will I be able to call new User or User::authenticate inside my form validation .PHP?
Thanks.
Each invocation of php stands alone. It has no knowledge of what ran before it.
And it makes no difference that it's ajax. ajax calls are identical to simply browsing to the page regularly. It's just another way to display it in the browser, not another way to run php.
if you include it in your validation .PHP file yes, otherwise no
AJAX won't have any access to your PHP, it will merely have access to the output of your PHP. On the other hand, your PHP script will definitely have access on the included files.
You will be able to call new User, and then User::authenticate, but not only the last one alone.
i have been given a php application as an internship project to clean up. The developer before has declared stuff like dbhost,dbuser so many times. On each script page. I was wondering what sort of design php developers use to get around this. i.e making a property file ? etc..
Generally most applications have a common include file, usually named something like "bootstrap", that defines global options and values and sets up some initialisation code. Then each page that is requested includes this file first.
In your case you'd put your database configuration in this bootstrap (perhaps traditionally in /includes/bootstrap.php), then for each page where it is required require "./includes/bootstrap.php";.
As an example, phpBB includes its 'kernel bootstrapper' on each page.
In order to avoid errors you should use require_once:
require_once "./includes/bootstrap.php";
This way even if multiple scripts try to include that specific file it is only included once.
Do not make a property file, or, if you insist, be certain that it cannot be downloaded through HTTP. The advantage of a PHP file is that, even if hackers guess the file name, it won't reveal much.
Put all DB credentials into a separate .PHP file, e.g. db_settings.php and then insert everywhere
<?
...
include "db_settings.php";
... ?>
You may even insert database connection code into the same file.