I am a newbie to web development and I am trying to learn best practices as I go along.
I code and run my website locally using Dreamweaver on a local Apache server; then I deploy it remotely and I test it there.
For my website I use HTML, PHP and some JS.
I have been facing an issue since I started this and I don't know any good practices to resolve it.
DOCUMENT_ROOT is a PHP variable that changes: locally it points to xampp/htdocs (and not my actual website root xampp/htdocs/myWebsite) and remotely it points to my actual document root.
So right now I can't use this for the above reason, so I end up locating files using the absolute path on the remote server.
Is there a good practice to avoid this?
PS:
I know I can change the php.ini config file to change where DOCUMENT_ROOT points to, but I don't want that either.
Also, I can't hard-code relative paths (as commentators have suggested) because I have scripts running from different directories, so I can't hard-code relative paths there.
Another way to go about it: create a configuration file and determine if the site is running on a local site or live site, then include that configuration file on each page. You can also set settings like error reporting and database connections for each one this way.
//Determine if Server is local system or live site
if (stristr($_SERVER['HTTP_HOST'], 'local') || (substr($_SERVER['HTTP_HOST'], 0, 7) == '192.168')) {
    $local = TRUE;
}
else {
    $local = FALSE;
}
//Define the base URL and the filesystem base path for the detected environment
if ($local) {
    define('BASE_URL', 'http://localhost/localsite/');
    define('BASE_URI', 'C:/localserver/htdocs/localsite/');
}
else {
    define('BASE_URL', 'http://www.example.com/');
    define('BASE_URI', 'server/directory/pathToRoot/');
}
Then you can use the defined constants in your php pages to define your paths. For example:
include(BASE_URI.'directory/filename.php');
Some Link
And it will work correctly on each deployment.
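The detection above keys on `$_SERVER['HTTP_HOST']`, which is copied from the request's Host header, so the choice of error-reporting and database settings depends on a client-supplied value. A variant that takes the environment from the server itself and derives the filesystem path from `__DIR__` follows, as an added example that is not part of the answer. `APP_ENV`, `app_settings()` and `page_url()` are hypothetical names, and setting the variable with `SetEnv` in the local vhost is an assumption.

```php
<?php
// config.php -- added example, not the answer's own code.
// APP_ENV, app_settings() and page_url() are hypothetical names; the URLs are
// the placeholder values used in the answer.

/** Per-environment settings; any unrecognised name falls back to production. */
function app_settings(string $env): array
{
    $table = [
        'local' => [
            'base_url'       => 'http://localhost/localsite/',
            'display_errors' => '1',
        ],
        'production' => [
            'base_url'       => 'http://www.example.com/',
            'display_errors' => '0',   // keep paths and stack traces out of responses
        ],
    ];
    return $table[$env] ?? $table['production'];
}

// The environment name is set on the machine itself (assumption: something like
// "SetEnv APP_ENV local" in the local Apache vhost). No request data is consulted.
$env      = getenv('APP_ENV') ?: 'production';
$settings = app_settings($env);

define('BASE_URL', $settings['base_url']);
// Filesystem base is the directory holding this file, so it needs no per-server edit.
define('BASE_URI', str_replace('\\', '/', __DIR__) . '/');

ini_set('display_errors', $settings['display_errors']);
ini_set('log_errors', '1');
error_reporting(E_ALL);

/** Absolute link under BASE_URL, escaped for use in an HTML attribute. */
function page_url(string $path): string
{
    return htmlspecialchars(BASE_URL . ltrim($path, '/'), ENT_QUOTES, 'UTF-8');
}

// Command-line demonstration: php config.php
if (PHP_SAPI === 'cli') {
    echo 'environment: ', $env, PHP_EOL;
    echo 'include:     ', BASE_URI, 'directory/filename.php', PHP_EOL;
    echo 'link:        ', page_url('/directory/filename.php'), PHP_EOL;
}
```

With `APP_ENV` unset, as on a live host that was never configured, the production row is used and errors go to the log instead of the page.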
I have a web application. I am using WAMP server.
I have developed the web application and put my application files under "login" and then in the "www" folder of WAMP, i.e. Drive:\wamp\www\login\
Now when I upload my files to the web host, they go directly to the "www" folder and there is no "login" folder there. So my existing links on localhost, e.g.
http://localhost:8081/login/dashboard.php
turn into http://example.com/login/dashboard.php.
Now, as there is no login folder, the link breaks because of the wrong path.
One way is to change every link each time before uploading to the web server, which is time-consuming and prone to errors.
Is there any simple, i.e. dynamic, way to make my links work perfectly both on localhost and on the web server?
So that the link http://localhost:8081/login/dashboard.php on localhost is automatically directed to http://example.com/dashboard.php on the web server instead of http://example.com/login/dashboard.php.
I tried using $_SERVER["DOCUMENT_ROOT"] but it points to the local drive path and did not work well for me.
Any help is really appreciated.
Have you tried to work with relative paths?
$path = "/login/etc..."
This way you don't have to change the paths each time. I think php even has a function to turn relative paths to absolute ones.
I have been using "Delphi PHP XE2". The file structure has worked fine for over a year on the development machine and the production.
The folders are organised as follows.
src/app_login.php
src/add
src/css
src/js
src/fnc
src/db
src/images
etc.
I am just trying out PHPSTORM. The include files work fine. When I run it in Firefox it can find all images, JavaScript files, etc. But it cannot find the CSS files as it is looking for them in
css
rather than
src/css
I haven't changed anything.
Why is the browser now looking at absolute path rather than relative?
How did PHPStorm manage to tell it that?
And how do I coerce it to treat them as relative paths?
I see that in the browser it runs it as:
http://localhost:63342/SRC/app_login.php
instead of
http://localhost:63342/app_login.php
I guess this is the problem. How do I coerce it to move down one directory level?
I am trying to set up IIS, I think this might be best for later on. Here are the screen shots:
I configured the hosts file so that when I type wys.com in the browser it tries to run it and shows a blank page. If I type in 192.168.1.0 it just shows a blank page. View Source shows nothing. I was expecting it to run the index.html at d:\wys\src. Why is the browser not running it?
You are using PhpStorm's own simple built-in web server, which uses URLs like http://localhost:63342/ProjectName/app_login.php. You cannot make http://localhost:63342/app_login.php using such a server as it will not be able to tell what files to serve.
Either use your own Apache/IIS/whatever web server, or the best you can get with the built-in server would be http://ProjectName:63342/app_login.php (the IDE needs to know what site/files to serve somehow). For that:
Edit your hosts file (or local DNS server, if preferred and you have one) and point ProjectName to your computer's IP (e.g. 127.0.0.1).
Create a Deployment entry of the correct type (In Place should do), configure it (provide the desired URL etc., i.e. http://ProjectName:63342/) and mark it as Default for this project. Now the IDE will use the URL from there when generating "open in browser" URLs.
I've got a bit of a dilemma, and it's been bothering me for quite some time. I have a local testing server that's set up like so: 127.0.0.1/
My website in offline mode looks like this:
127.0.0.1/websitename/index.php
My live version of the website looks like this:
websitename.com/index.php
I've got the base script for almost all of the links, except for the including header and footer files.
The links in the footer and header files work except for the home page (on the root of the website).
Could anyone redirect me to a proper method of doing multi sub directory base URL linking for both offline and online?
I’ve tinkered around with most of the $_SERVER[] tags and attributes, as well as parse_url().
There's an easy and cool thing you can do on a local server called a virtual host, which allows you to create a subdomain to access your local website without entering subdirectories in the URL.
Example:
You can do something like the following to access your files:
mysite.localhost/ which is exactly the same as localhost/mysite/index.php
In that way, you don't have to worry about subdirectories when moving your website to the online server.
Links for virtual host:
WAMP
XAMPP
I’ve tinkered around with most of the $_SERVER[] tags and attributes, as well as parse_url().
Don’t tinker with them. There’s no clean/automated way to do what you are doing. Just set a base path manually in a config file & don’t worry about it—relative paths—ever again. And if you need to set a base URL, the process is similar.
So as far as a file base path goes, you should explicitly set a $BASE_PATH like this:
$BASE_PATH = '/full/path/to/your/codebase/here/';
If you don’t know what your file system base path is, just place this line of code in your PHP code; like index.php:
echo "Your path is: " . realpath(dirname(__FILE__)) . "<br />";
Then load that page. Somewhere near the top will be this text:
Your path is: /full/path/to/your/codebase/here/
Then with that set you can change your code to be something like this:
And then set your include_once like this:
include_once $BASE_PATH . 'includes/myfile.php';
Some might say you should use $_SERVER['DOCUMENT_ROOT'] or even dirname(__FILE__) directly, with the implication being that you can simplify code portability that way. But the way file paths are set for installs can vary, so it just never works well & the chances of you getting snagged on an odd server quirk are high.
It’s always best to just manually set a $BASE_PATH in a config file when you move code than deal with the headaches caused by PHP constants like $_SERVER not being consistent between installs, setups & configurations.
And as far as a base URL goes, just follow the same thinking with this being on your local development setup:
$BASE_URL = '/websitename/';
And this being on your production server:
$BASE_URL = '/';
So with that $BASE_URL set then you can just do this:
I’ve got the base script for almost all of the links, except for the including header and footer files.
Now just prepend any path you might need requested via a URL with $BASE_URL & you should be good to go.
I suggest you move to a development environment which more closely reflects the live system. For this, you can run a WAMP server and configure it to serve your web site as a domain like mysite.local and then you simply edit your hosts file so that mysite.local resolves to your 127.0.0.1. Then you just type mysite.local into your browser, it resolves to your local PC, and make sure apache is configured for virtual hosts and listening on port 80.
Your hosts file is a local DNS lookup file found in windows\system32\drivers\etc. You may need to open it in Notepad run as administrator in order to be able to edit it.
I am developing a website in PHP. I have installed WAMP on my personal computer and my website files are in the www folder of WAMP.
Now, considering www as my root folder, I have a template folder in the root folder and a header.inc.html file in the template folder. When I try to include this header.inc.html file in any other PHP file using an absolute path, include('/template/header.inc.html');, it gives me the error "Failed to open stream: No such file or directory", but when I create a simple HTML link using the same absolute path it works perfectly and opens the file. Below is my test code:
<?php
echo 'headerfile';
include('/template/header.inc.html');
?>
If I give the full path, for example C:/wamp/www/template/header.inc.html, to the include function it works fine.
I am confused that this problem is occurring on my wamp server only and it would work perfectly on any webhost server, or maybe the same problem will exist on a webhost
I would appreciate any help that would clarify my confusion, Thanks.
Absolute paths on the server start from the server's hard disk (C:\).
Absolute paths on the client start from the root of the website (http://example.com/).
You can make use of __DIR__ to make some file on disk relative to the php-file on disk itself:
include(__DIR__.'/template/header.inc.html');
This should solve your issue.
The difference is not that easy to explain because both types of paths - even related - are two pairs of shoes. I suggest you start with a very basic HTML website tutorial that explains how to link on your website and where files are located and how that is related to the webserver configuration.
HTML pages live in the client's browser, which knows nothing about your server's folder structure, and they're relative to the domain name, e.g. http://example.com/.
PHP programs run on the server side and they deal with the server folders. You shouldn't hardcode full paths in your PHP programs, because it will cause problems whenever you move them between the development server and the live host (just to name an example). Therefore in PHP files you should either use relative paths to your file, or use the __DIR__ magic constant that gets substituted with the directory where the PHP file is.
1.) First approach: include('template/header.inc.html');
2.) Second approach: include(__DIR__ .'/template/header.inc.html');
In your case (working on a development machine) both the client and the server are the same box, which might be confusing you.
This may be a really stupid question... I started worrying last night that there might be some way to view PHP files on a server via a browser or some other means on a client machine.
My worry is, I have an include file that contains the database username and password. If there were a way to put the address of this file in to a browser or some other system and see the code itself then it would be an issue for obvious reasons.
Is this a legitimate concern?
If so how do people go about preventing this?
Not if your server is configured right. I think discussion on how that is done belongs on serverfault.
To add on to the other answers:
If you use a file extension like .inc there's indeed a higher risk. Can you open the file directly in your browser?
The most important advice is missing:
Only the files that should be accessed by a browser, should be in a publicly accessible location. All the other code (and configuration) should be in a completely separate directory.
For example
root
- webroot
- includes
- config
Only 'webroot' is exposed by your webserver (apache). Webroot can for example contain a single index.php, along with all your assets (javascript, css, images).
Any code index.php needs to load comes from 'includes' and all the configuration from 'config'. There's no way a user could ever directly access anything from those 2 directories, provided this is done correctly.
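The layout described in this answer, as an added example that is not part of the original post: configuration is loaded from a fixed path one level above the web root, and a containment check keeps any file name taken from a request inside `includes`. `resolve_inside()`, the file names and the temporary sample tree are constructed for the demonstration.

```php
<?php
// Added example. Directory names follow the answer's layout (webroot, includes,
// config); resolve_inside() and the sample files are hypothetical.

/** Resolve $name inside $dir; return null if it is missing or ends up outside $dir. */
function resolve_inside(string $dir, string $name): ?string
{
    $base = realpath($dir);
    $full = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null;                       // directory or file does not exist
    }
    // The trailing separator stops "includes_old" from passing as "includes".
    return strpos($full, $base . DIRECTORY_SEPARATOR) === 0 ? $full : null;
}

// --- constructed sample tree in a temp directory, so the script runs anywhere ---
$root = sys_get_temp_dir() . '/layout_demo_' . getmypid();
foreach (['webroot', 'includes', 'config'] as $d) {
    mkdir("$root/$d", 0700, true);
}
file_put_contents("$root/config/database.php",
    "<?php return ['user' => 'app', 'pass' => 'constructed-sample'];");
file_put_contents("$root/includes/header.php", "<?php return 'header loaded';");

// --- what webroot/index.php does (there it would be dirname(__DIR__)) ---
$appRoot = dirname("$root/webroot/index.php", 2);      // one level above the web root
$db      = require $appRoot . '/config/database.php';  // fixed path, never user input
echo 'db user: ', $db['user'], PHP_EOL;

// Names as they might arrive in a request parameter (constructed samples).
foreach (['header.php', '../config/database.php', 'missing.php'] as $name) {
    $file = resolve_inside($appRoot . '/includes', $name);
    echo str_pad($name, 26), $file ? (require $file) : 'refused', PHP_EOL;
}

// --- remove the sample tree ---
array_map('unlink', glob("$root/*/*"));
array_map('rmdir', glob("$root/*"));
rmdir($root);
```

Only `header.php` is loaded; the `../config/database.php` name resolves to a real file but lies outside `includes`, so it is refused along with the missing one.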
This depends on the file extension you have given the include file.
If the extension is one that is known and executed by the web server, it will be protected. If you browse to the file, the server will try to execute the code rather than just returning it as plain text.
If the extension is not known by the web server it will serve it as plain data, so anyone (who can guess the file name) can browse to the file and see the source code.
A Directory Traversal Vulnerability can be used to obtain files off of the remote machine. Alternatively you can use MySQL based sql injection to read files using load_file(). You can also test your system with w3af's urlfuzzer which will look for "backup files", such as index.php.zip. Also make sure that all files have .php extensions, a .inc can be viewed from the public. I would also disable Apache directory listing.
Normally there should be no way to view the PHP files remotely... it would be absolutely pointless. This completely depends on what web server you are using and how it's set up though.
Having looked around I can see that it is possible to protect a directory via the .htaccess by adding these lines:
Order allow,deny
Deny from all
This apparently protects the directory so that only local non web-access is possible.
This allows me to keep my includes in a subdirectory of the main site directory which is good for organisation and it can be used on the projects where I do not have access to folders outside the web root.
Does anyone else use this method?
Just for good measure I've put the directory permissions to execute only.
And the include extension is PHP as suggested by others.