I am working with a website built (not by me) on Zend framework.
I have made a small website (for a Facebook app) built on simple html with custom php (no Facebook API used), which, if put in public/ folder (so that it can be reached via *www.main_site.com/my_small_site*), does not work (I get Warning: file_get_contents() [function.file-get-contents]: URL file-access is disabled in the server configuration).
The php.ini on the website, however, contains allow_url_fopen = on, so my guess is that all my php files should be simply put somewhere in the application/ folder, instead of the public/ folder.
The websites don't use shared files, they are independent. And purchasing another hosting is an expensive option.
I am absolutely new to Zend, and learning how to make my own controllers/views will consume too much time, so this is the last option to consider.
How can I solve this problem?
Access .php located in application/ from *public/my_small_site/index.html*? (is it possible without touching the main website's public/index.php?)
Create a new view and put my small website there? (how can I make it accessible from the web?)
Still consider new hosting/subdomain options?
Any other solutions?
Thank you!
public/ is the correct place to put your Facebook app. The error doesn't lie - are you 100% sure the php.ini file you checked is the one being used? I'd suggest you create a phpinfo file as explained here https://kb.mediatemple.net/questions/764/How+can+I+create+a+phpinfo.php+page%3F#gs - this will let you view the configuration PHP is using. See what allow_url_fopen is set to there. If it is set to 'off', there might be a different php.ini file you need to change.
Otherwise, contact your host.
Related
many wordpress-uses are not able to auto-update/upgrade their WordPress and plugins to a newer version without providing their FTP connection information. This is a difficult issue - since WordPress can’t write to the /wp-content folder directly.
i am on a root server and the server admin enables me to use sftp-client (like filezilla and WinSCP [no SSH itself ) to do all kinds of upload to the server.
question: untill now i have difficulties to get a auto-update option for themes and plugins – since here we need to have the ftp-credentials (and method): i am looking for a method to keep my WordPress install up-to-date and installing plugins in a hassle-free manner:
since it is not so easy if i server uses SFTP. i need a tool or a method to do this.
are there methods, ways and workaround for doing so – e.g. using phopseclib to remedy these deficiency!?
Well: how to go round this issue? I have tried to read through the documents: Is it correct that
a. one method is to define the FTP details in the wp-config.php file so WordPress will remember it.
b. write-access to /wp-content folder: another way and method is to provide WordPress with write access to the /wp-content folder by accessing the FTP root file and changing the folder file permission (CHMOD)
to 775 rather than the default 755 and 644.
But wait: there is a interesting workaround for doing so: we can do this by defining constant, FS_METHOD in the wp-config.php file. this way bypasses WordPress’s recurring prompts - and doing so we allow the wordpress auto-updates of the files to work.
a. Open /wp-config.php - located at wordpress/wp-config.php
b. Insert FS_METHOD: write the following line of code to the wp-config.php file, just below every other line of code.
define('FS_METHOD','direct');
FS Method
question: untill now i have difficulties to get a auto-update option for themes and plugins – since here we need to have the ftp-credentials (and method): i am looking for a method to keep my WordPress install up-to-date and installing plugins in a hassle-free manner: note: i am on a root server and the server admin enables me to use sftp-client (like filezilla and WinSCP [no SSH itself]!!) to do all kinds of upload to the server.
is this above described method okay to get a alternavive method to auto-update my wordpress-themes and plugins?
update: see the important thread:
What security concerns should I have when setting FS_METHOD to "direct" in wp-config?
https://wordpress.stackexchange.com/questions/189554/what-security-concerns-should-i-have-when-setting-fs-method-to-direct-in-wp-co
What I would like to know is what real concerns should I have around setting FS_METHOD to direct? Are there any other alternatives to installing the plugin? This is what the official documentation has to say:
FS_METHOD forces the filesystem method. It should only be "direct",
"ssh2", "ftpext", or "ftpsockets". Generally, you should only change
this if you are experiencing update problems. If you change it and it
doesn't help, change it back/remove it. Under most circumstances,
setting it to 'ftpsockets' will work if the automatically chosen
method does not.
(Primary Preference) "direct" forces it to use Direct File I/O
requests from within PHP, this is fraught with opening up security
issues on poorly configured hosts, This is chosen automatically when
appropriate.
head over to the answers to this: https://wordpress.stackexchange.com/questions/189554/what-security-concerns-should-i-have-when-setting-fs-method-to-direct-in-wp-co
Is it possible to deny access to files and folders within the web root without using .htaccess or file permissions? A universal solution that works with all servers?
This relates to a flat-file framework I'm making with PHP where the requirement is basically "drag the project folder in the web root to launch the site." The other goal is for there to be a front-end interface where the client can log in and edit content.
I deal a lot with shared hosting accounts where I can't always change the web root. Additionally, I don't necessarily want to rely on developers manually setting file permissions. The reason why I don't want to use .htaccess is that, one, it relies on the host being an Apache server, and, two, it relies on specific Apache settings.
EDIT: specificity
This was answered here with a couple of really great answers you'll probably find useful:
Prevent access to files from Apache without .htaccess
The first suggests setting permissions to be inaccessible and CHMODDing them with PHP when you need to access them.
The second suggested you place them outside of your web root but keep them accessible by PHP (using include(), I would assume).
Either or should accomplish what you're hoping. (Wish I could comment stuff like this.)
Our main website uses symfony 1, and by the time I started working on the code it seems impossible to upgrade (too much custom code from previous developer). Now we are adding a large addition to what the company offers. Instead of using a really old framework I wanted to use CodeIgniter, also since I'm very familiar with it. My real question:
What is a proper way of setting up a website to use multiple frameworks. The new features will be separate from the original website, but it will still need a few tables of the database.
I was going to have apache handle where the root directory was depending on the url and just do everything normally. The main website is example.com and the new feature will be abc.example.com
I'm really looking for people who have done this and some tips and warning they had.
PHP will run the framework based on which directory is loaded on the server. For instance, on most apache servers the root directory for example.com would be /www. Which means all of the code for Symphony would be in /www/*.
When you setup the path of your subdomain, just put it outside of the /www folder. Then, when you go to abc.example.com apache won't try to load the original site along with the Symphony framework.
I think it will be fine for both frameworks to share the same database tables. I'm not entirely sure how you plan for these two applications to work, but as long as you don't change the column names and types you should be okay.
If you don't want the applications to share the data in the original table, then look into using mysqldump or something of the like to copy the data over to a new table.
We have a custom PHP/MySQL CMS running on Linux/Apache thats rolled out to multiple sites (20+) on the same server. Each site uses exactly the same CMS files with a few files for each site being customised.
The customised files for each site are:
/library/mysql_connect.php
/public_html/css/*
/public_html/ftparea/*
/public_html/images/*
There's also a couple of other random files inside /public_html/includes/ that are unique to each site. Other than this each site on the server uses the exact same files. Each site sitting within /home/username/. There is obviously a massive amount of replication here as each time we want to deploy a system update we need to update to each user account. Given the common site files are all stored in SVN it would make far more sense if we were able to simply commit to SVN and deploy to a single location direct from there. Unfortunately, making a major architecture change at this stage could be problematic. In my mind the ideal scenario would mean creating an account like /home/commonfiles/ and each site using these common files unless an account specific file exists, for example a request is made to /home/user/public_html/index.php but as this file doesnt exist the request is then redirected to /home/commonfiles/public_html/index.php. I know that generally this approach is possible, similar to how Zend Framework (and probably others) redirect all requests that dont match a specific file to index.php. I'm just not sure about how exactly to go about implementing it and whether its actually advisable. Would really welcome any input/ideas people have got.
EDIT AllenJB's comment reminded me that we have previously explored AliasMatch as a potential solution to this, we ended up with an general.conf file for a user that looked something like this:
php_admin_value open_basedir "/home/commonfi:/home/usertes:/usr/lib/php:/usr/local/lib/php:/tmp"
php_admin_value include_path "/home/commonfi"
AliasMatch (.*).php /home/commonfi/public_html/$1.php
AliasMatch (.*).html /home/commonfi/public_html/$1.html
You can set this up via the Apache configuration - you probably want Alias, but there are several options:
http://httpd.apache.org/docs/2.2/urlmapping.html
You certainly can build a "cascading" system as you describe (load local file, if that doesn't exist, load global file). The complexity is that the files are loaded in different ways (using include() in PHP, through the web, ... maybe even more ways?)
Filesystem includes
If the includes/ consist of files containing one PHP class each, you could use an autoloader like Zend Framework does. The autoloader would look first for a custom version of the include file, and if it doesn't find one, include the global version instead. I happen to have such an autoloader handy if you need code to start with.
If the includes don't match the one-class-per-file structure, you would have to build a custom include() function that fetches the local version of the file or, failing that, the global one.
Pseudo-code:
function fetch_path($name)
{
if (file_exists(LOCAL_DIRECTORY."/$name")) return LOCAL_DIRECTORY."/$name";
if (file_exists(GLOBAL_DIRECTORY."/$name")) return GLOBAL_DIRECTORY."/$name";
return false;
}
Web resources
The second part is going to be the web part (i.e. Web URLs with local or global files). I think this should be pretty easily solvable using the -f switch in a .htaccess file. You would build a rule that rewrites failed requests (!-f) to the local web resources directory (example.com/css/main_stylesheet.css) to the global one /home/commonfiles/public_html/main_stylesheet.css). You would need to fiddle around with Apache's server config to be able to rewrite local requests to the commonfiles directory, but it should be possible.
That is maybe worth a separate question.
Coming from a .net background so bear with me!
Does php have anything like a web.config or a global.asax file or is it simply dropping the application in the file system and boom it is running on the web server? (obviously dropping the files mapped in apache for the domain etc).
Specifically thinking of setting up wordpress.
PHP is a parser itself. It is not a framework. In ASP.NET, it is a Framework and thus it has its own config files.
As for PHP, we have php.ini - the PHP configuration that sets how PHP behaves and so on.
However for application level, you can create your own configuration file. Normally if you use a PHP framework, they will have an application level configuration file (eg. "config.php") which will decide how the framework will work and so on.
Wordpress installation is quite simple.
Just drop the files ;-)
Of course, you'll need to have created the database (and db user), set up the Apache's VirtualHost, and you'll have to configure the application itself...
... But there is no notion of "application server" in PHP+Apache.
About wordpress, there should be some file explaining how to install, btw ; but it's not harder than dropping the files, maybe creating the configuration one, and a couple of "next" screens ;-)