I am working on an AJAX post from which needs to send data to a php file. This file is ONE located level above the domain root.
If my domain root is /root_general/root_domain/
The file php backend file is in /root_general/
I am trying to achieve this by using the dirname($_SERVER['DOCUMENT_ROOT']) url. But AJAX won't load the file, it tells me that the file wasn't found on this server. I am using Apache2 on Ubuntu and working with all permissions enabled.
How can I do it in other way? I need to put the file outside because it is supposed to be used by many different domains, and I think it wouldn't be clean to paste the same file inside every single domain root.
Edit: some code
When calling the file it's this way:
http[act].open('post',url,true);
You can't use AJAX to access files on the server. You can use it only to access URLs. So what you need to do is point an URL to that file you want to access. You can give it own domain, you can copy it a few times or you can have symlinks point to it.
Related
I'm trying to get the back end of an app that was built by someone else, and then taked down, up and running again. I have uploaded the unmodified back end sourcecode to a dev server (not the original server it was on).
In the app, the URL to access a certain API is as such:
[hostname]/controllers/api/user/profile
and when looking at the back end php code, under the api folder there is a user.php file, and in that php file there is a function called "profile", and there is one for every api end point.
now the only way I know of to do this is to have an .htaccess file that redirects a request to /controllers/user/profile to /controllers/user.php?action=profile, and have a big switch statement in user.php that calls the function corresponding to "action" parameter.
But the weird thing is that there is no .htaccess file in the the api folder. The only .htaccess file is in the absolute root of the folder containing all the server code, and that just says deny from all
is there any other way to set up a server to cause requests to .../folder/functionName to actually call a function within a php file, other than using .htaccess?
It can be done through a PHP redirect. It is described here in details: How to make a redirect in PHP?
I have a folder which contain HTML, CSS, JS, image files across various folders. For security reasons I want to place it outside the web root.
I have come across a solution using file_get_contents function of PHP.
But then there is a problem with hyper-linking present in the page. For example, the link to the javascript file in the page:
<script src="lms/APIConstants.js" type="text/javascript"></script>
searches for the file in http://localhost/lms/APIConstants.js and returns an error of
Failed to load resource: the server responded with a status of 404 (Not Found)
http://localhost/lms/APIConstants.js
I am aware of using .htaccess file for hiding some folders from the web root. I am looking for some other insightful solution.
Finally solved this.. Might be helpful for others.
Steps that were followed:
Use a separate file for reading from outside web root (say filereader.php).
Call this file with URL encoding the local file path. http://localhost.ca/lms/filereader.php/path/to/local/file.html
Parse the URL to get the path - /path/to/local/file.html
Apply PHP's readfile() function to read from the obtained path.
Doing this, all the hyperlinks in file.html gets loaded from the following path.
http://localhost.ca/lms/filereader.php/path/to/local/
The mime-type for each file has to be defined. Also a proper http response code is to be thrown using PHP's http_response_code() when a file is not found.
Note: You might need to enable AcceptPathInfo in the Apache configuration.
when you include a file then code/script runs according to new path on which it is being included.
It finds the APIConstants.js file into the folder Ims which is in root directory.
but actually it is outside the root directory.
So give the path like this.. If Ims folder is one step down to the root directory.
src="../lms/APIConstants.js"
I know it a silly question but last night when I was working with my website's .properties file, I discovered this idea. I am using PHP script for my website where I have stored all my site properties values like image path, secure path.. etc in website.properties file. But I need to include this .properties file in each and every webpages to access the values in it.
My question is, like .htaccess file, can I add this .propeties file into server configuration? Is there any option available to sync this file with server configuration? Is Apache allowing us to do? In this case I don't need to add this file in every pages.
Look to the side of enviromental variables in Apache and PHP:
http://php.net/manual/en/function.apache-getenv.php
http://www.php.net/manual/en/function.apache-setenv.php
http://httpd.apache.org/docs/2.2/env.html
I am setting up a new website and currently if I go to mydomian/php/someScript.php it will execute the php script. How can I let the files that include this still include this but not let anyone else execute these scripts from the browser. Currently I have this in my .htaccess file:
deny from all
but when I visit the site a AJAX post request is made to a script in this folder and is getting back a 403 error.
Any ideas on how to achieve this are welcome.
====EDIT====
for clarity, some files in the php directory are requested by AJAX and I've now been made aware that these files cant have the desired permissions. However I would still like to put these permissions on the other files in this directory
Thanks
The best solution is to put them outside of the web root directory if at all possible, that way you can include them but the web server can't serve them, no configuration is required at all in this case.
EDIT: I noticed you want to allow access to the scripts by AJAX. There is no way of doing this as there's no way of telling the difference between an AJAX request or other types of HTTP request with any reliability.
You can still include those files from php, e.g. using include or require.
Calling it via AJAX is not different from calling it by entering the URL in the browser - i.e. you cannot block direct access but allow AJAX access.
On my server, a website resides within a directory similar to /domains/domain.com/public_html. I wish to keep the domain at this path, as all the main files are there, but is there any way to source some files from another location in my server, eg. /global/script.js?
In short, I hope to write a mod-rewrite than can source specific files from outside the DocumentRoot, or something very similar, but I cannot work out a solution.
I figure I could manage this by directing all files to a PHP script (css, js, php, images, etc), which will then work out what file is requested, load the files contents and return it with the correct header. I feel this will more than likely slow down all requests because I believe this requires more processes, is this correct?
No need for mod_rewrite: If all files are in the same directory, you can use alias.
Alias /MyMapDir /global/resources
a request to example.com/MyMapDir/script.js will be mapped to /global/resources/script.js
Note that this works in httpd.conf only!