So, i'm a total noob with codeigniter but i'm getting by.
I have a domain name on iPage. Currently, I am using codeigniter w/ my codeigniter project inside htdocs which is inside XAMPP. Everything is working great on localhost, but I am totally lost on where to start concerning how to put my project onto my web hosts server.
There is not much to it.
The following part, does not really belong here, but I guess I like to start from the beginning.
You need a domain name and hosting space(with a php server ofcourse).
The hosting provider will provide you with ftp access and a control
panel to access your files. You need to add nameservers to your
domain name to associated it with your hosting space.
www.yourdomain.com/ will point to your hosted files. (This might take a couple of days to take effect).
To answer your question:
Now, you can simply upload the contents of your project to your home
directory on the hosting server. You can organize it the way you want
with subfolders etc. You'll also need to make server specific changes
like mentioned here
You might also need to check if any php libraries need to be enabled on your server.
CodeIgniter is installed in four steps:
Unzip the package.
Upload the CodeIgniter folders and files to your server. Normally the index.php file will be at your root.
Open the application/config/config.php file with a text editor and set your base URL. If you intend to use encryption or sessions, set your encryption key.
If you intend to use a database, open the application/config/database.php file with a text editor and set your database settings.
If you wish to increase security by hiding the location of your CodeIgniter files you can rename the system and application folders to something more private. If you do rename them, you must open your main index.php file and set the $system_path and $application_folder variables at the top of the file with the new name you’ve chosen.
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn’t abide by the .htaccess.
If you would like to keep your views public it is also possible to move the views folder out of your application folder.
After moving them, open your main index.php file and set the $system_path, $application_folder and $view_folder variables, preferably with a full path, e.g. ‘/www/MyUser/system’.
Reference: https://www.tmdhosting.com/codeigniter-hosting.html
Related
I'm working with a website that I didn't build, that uses CodeIgniter as its framework. I had a relatively simple task: secure the site with an SSL certificate. No problem.
Except, the site will not load with HTTPS, although it still loads correctly using HTTP. It gives the following error with HTTPS:
Your system folder path does not appear to be set correctly. Please open the following file and correct this: index.php
Now, the error message seems self explanatory...change the system path in the index.php file, but this is what the system path is set to in that file:
$system_path = '/codeigniter/2_1_3';
Fine, but this folder doesn't exist in the directory structure, and neither does a folder named 'system.'
So, I really don't have a clue how to fix this problem. It isn't even clear to me how the website functions at all since I can't find the folder it is supposed to be using as its system folder.
Any help would be appreciated. Please ask if there is any additional information you need to help.
I have been reading about where to securely save a PHP file that has my mysql database connection password. I understand from the forums that it should be saved in a folder above the webroot. I have a cloud server from a hosting company.I have access to root
The path to the public files is as follows:-
/var/www/vhosts/mydomain.co.uk/httpdocs/afile.php
Say I have a PHP file (containing my password) called sqlpassfile.php
Would the following be okay as a place to securely store it? ie in a new folder called Newfolder after vhosts??
/var/www/vhosts/NEWFOLDER/sqlpassfile.php
Sorry for a simple question but just want to make sure its secure
Thanks
All the nowadays PHP framework you will find do, indeed store their whole code base in a level under the web root.
They do not only store informations like credentials actually, they do store all the business logic of the application outside of the web root. They will then only allow a facade file to be accessed (most of the time a index.php or app.php) that will, then, with the help of controllers, handle every request and route you to the right page/content, and, of course, all the static content the site will use (your design images, your css, your js, ...).
For example :
Zend Framework does use a public folder where you will find an index.php and all the static files
Symfony does use a web folder where you will find two files app.php and app_dev.php and again all of the static files
So in your case you could do
/var/www/vhosts/example.com/httpdocs/ is the web root of your server
/var/www/vhosts/example.com/app/ store all the php code you need
/var/www/vhosts/example.com/app/config store all your configuration file, and then maybe your credentials files which you can call sql_config.php
/var/www/vhosts/example.com/httpdocs/afile.php will require_once '../app/config/sql_config.php
Usually, People just save the database connection information in a regular PHP file, for example, Wordpress saves the connection info in it's wp-config.php. Simply because nobody is able to see your password by visiting that php page, nothing is returned.
To make it more secure, you can disable access to php file while mod_php stopped working. Try this in you .htaccess
<IfModule !mod_php5.c>
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
</IfModule>
Please also have a look at this post:
Password in file .php
Whether your method is safe depends on the configuration of the server, something that providers are not often very good at documenting.
Your first line of defence is keeping what is essentially confutation data inside a file named with a .php extension. So if it is accessible from a browser the webserver will execute the file rather than returning the data. You certainly want at least 2 levels of security on your data (each of which you have tested independently).
Considering the path you have chosen, /var/www/vhosts/NEWFOLDER/sqlpassfile.php what happens if you request http://NEWFOLDER/sqlpassfile.php from the server? (In most cases, nothing but once in while....) Generally its better practice to keep it well clear of the directories your webserver uses.
For some reason when I create a project in netbeans and go to run the project it also loads the xxamp index file and not the project index file that is apart of the codeigniter installation.
http://screencast.com/t/qOSH80wPgvf
Edit:
Here is my file tree I have right now set up for my project. Why Netbeans creates an important files folder I have no idea for my CI project. I have edited the index file to have the application and system variable to both have the ../system or applicaton as its value. I have changed the Web Root inside the project properties to have a value of public_html and I have also changed the value of the Index File field to say index.php.
After doing this and running the project I would expect to get the default Welcome to Codeigniter page and I don't. I am receiving a message that shows the following. Any ideas on why this is?
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.16
Projects
- MyFirstProject
- Source Files
- application
- public_html
- assets
index.php
- system
- Test Files
- Important Files
- Include Path
I've tried doing some additional research on the topic and have yet to come up with a solution.
Edit 2:
Any ideas from anyone?
Your problem is likely related to your choice of folder layout. Which I assume you do, for "security reasons". That said, NetBeans isn't a server. Its an IDE, so you can't manipulate it the same way you would the server.
Most servers by default define your "root" folder as "public_html" or "www" as far as where it looks by default to serve files for public consumption. Through the use of PHP you can tell the index.php that comes with CodeIgniter to look up one directory outside of the defined root and have it read the file(s) accordingly.
However, to setup a project in netbeans and have all files and folder accounted for accordingly you need to tell it that all your files start in whatever folder they reside. So it can load all the files and read from them respectively. This in essence and in respect to server logic is telling it that the folder that houses
application
public_html
system
is the define root path. So inadvertantly by breaking out of the design of codeigniter and placing the core files outside of what would be your defined root on the server is breaking your project. There is not an index.php depicted in your listing above at the same level that those folders are in. If there is, its the index.php for xxamp that keeps loading for you by default.
What you need to do is stop trying to implement your "security measures" and put them in the right order. Or.. not include that folder in your project telling it the one with assets and index.php is the root path. If netbeans is smart enough it will find the files and folders outside like the server will.
Right click on your project and go to properties. Make sure that in the run configuration the URL is correct and the index file is properly set up and matches your directory in xxamp.
after downloading codeigniter open index.php file and there set your path correctly to your
application folder because i think you putted your index.php inside public_html folder so
the path which is set by default in index.php is not working and can not find application folder, try to fix it and it will work fine your problem is not with netbeans.
This may be a really stupid question...I started worrying last night that there might be someway to view PHP files on a server via a browser or someother means on a client machine.
My worry is, I have an include file that contains the database username and password. If there were a way to put the address of this file in to a browser or some other system and see the code itself then it would be an issue for obvious reasons.
Is this a legitimate concern?
If so how do people go about preventing this?
Not if your server is configured right. I think discussion on how that is done belongs on serverfault.
To add on to the other answers:
If you use a file extension like .inc there's indeed a higher risk. Can you open the file directly in your browser?
The most important advice is missing:
Only the files that should be accessed by a browser, should be in a publicly accessible location. All the other code (and configuration) should be in a completely separate directory.
For example
root
- webroot
- includes
- config
Only 'webroot' is exposed by your webserver (apache). Webroot can for example contain a single index.php, along with all your assets (javascript, css, images).
Any code index.php needs to load comes from 'includes' and all the configuration from 'config'. There's no way a user could ever directly access anything from those 2 directories, provided this is done correctly.
This depends on the file extension you have given the include file.
If the extension is one that is known and executed by the web server, it will be protected. If you browse to the file, the server will try to execute the code rather than just returning it as plain text.
If the extension is not known by the web server it will serve it as plain data, so anyone (who can guess the file name) can browse to the file and see the source code.
A Directory Traversal Vulnerability can used to obtain files off of the remote mahine. Alternatively you can use MySQL based sql injection to read files using load_file(). You can also test your system with w3af's urlfuzzer which will look for "backup files", such as index.php.zip. Also make sure that all files have .php extensions, a .inc can be viewed from the public. I would also disable Apache directory listing.
Normally there should be no way to view the PHP files remotely... it would be absolutely pointless. This completely depends on what web server you are using and how it's setup though.
Having looked around I can see that it is possible to protect a directory via the .htaccess by adding these lines:
Order allow,deny
Deny from all
This apparently protects the directory so that only local non web-access is possible.
This allows me to keep my includes in a subdirectory of the main site directory which is good for organisation and it can be used on the projects where I do not have access to folders outside the web root.
Does anyone else use this method?
Just for good measure I've put the directory permissions to execute only.
And the include extension is PHP as suggested by others.
I have a php account with my provider, and I also have cpanel installed for me.
I currently have two drupal sites there, let's called the main myMainSite and another one under construction called myNewSite.
So when I go to www.myMainSite.com, I go to the main site. When I go to myNewSite.myMainSite.com, i go to the drupal site that is under construction.
My question is, when my under construction site goes live, I want that all users that go to www.myMainSite.com see the new site (the one that is under myNewSite.myMainSite.com).
How can I accomplish this with cpanel? is it within the "addon domains" configuration?
I don't want a redirect that changes the address bar, ie, I want to keep the original url.
You would just change the DocumentRoot of www.mainsite.com to point to the same DocumentRoot as myNewSite.myMainSite.com.
I assume you've used cPanel's subdomain control panel to add myNewSite.myMainSite.com. And I'll assume myMainSite.com is in the /public_html/ folder. Therefore the new site (and site with a subdomain) will be at /public_html/myNewSite.myMainSite.com
Why can't you just use File Manager (or FTP) to move all the files in /public_html/ to /public_html/OLDsite?
Then move everything from /public_html/myNewSite.myMainSite into the /public_html/ folder.
Then check your site is working with the new files.
Maybe you could also send a support ticket to your host to see if there's another way. It could be as simple as them changing something in Apache's conf file for the myNewSite.myMainSite.com subdomain.
I'd also think you'd need to change the settings in Drupal (when you've changed domain) so Drupal knows the new domain name too.
I recommend you to have main 2 user accounts call oldlive and newlive.
you may have domain like
oldlive.myMainSite.com and newlive.myMainSite.com
Then you can add Park Domain myMainSite.com to oldlive.myMainSite.com when you not ready.
Once you are completed new site which currently in newlive.myMainSite.com, you will remove park domain from oldlive.myMainSite.com and move to newlive.myMainSite.com.
then you can transfer domain smoothly.
You can use "Redirects" option in cPanel to redirect all visitors from old to new site.
Or you can simply change Virtualhost in Apache for your main domain to directory of your finished (currently under construction site).
Agree with the previous answer. If you would like to load the sub-domain's contents on the main site then you will need to move the data from sub-domain's directory to root directory that is public_html.
Just make sure, you do not have any live site on your main domain, If your main domain has the working site for it and you will upload the contents under the root directory then your website won't work due to conflict in contents.
If it's not possible then you will need to upload the contents under one sub-directory in public_html and after that you can access the site by yourP_website_name/directory name.
Once you will done with the moving contents then you will need to update the base UR Lto the new site URL.It is present in cPanel >> File Manager >> public_html >> Sites/Default/Settings.php