I am having trouble trying to get a file to be included into a php script. This file is stored in the root folder, which is not the actual web root, but the root directory that I have access to via the shared hosting account.
I have created a folder in this directory that stores php session data, the .htaccess configuration regarding this would be the following line:
php_value session.save_path "/usr/home/accountname/sessions"
The web root would be stored in this directory:
/usr/home/accountname/public_html/domainname/
What I am trying to do is secure the scipt that holds database connection details, in a folder that would be something like this:
/usr/home/accountname/includes/
This is how i currently include the file:
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/config.php';
I have tried this:
require_once $_SERVER['PATH'].'/usr/home/accountname/includes/config.php';
As $_SERVER['PATH'] points to /bin
This is not working as the page comes out blank, this would mean that the variables defined in config.php are not active as the page has not been included.
Could anyone provide some information regarding this matter, or point me in the direction of solving the problem. Also, any tutorials or other info regarding this would be greatly appreciated.
Thank you!
If the script including config.php is stored under your Web root, you can write:
require_once dirname(__FILE__) . '/../../includes/config.php';
Have you already tried?
If your script is in /usr/home/accountname/public_html/domainname/something.php, you could use this:
require_once(dirname(dirname(dirname(__FILE__))).PATH_SEPARATOR."includes".PATH_SEPARATOR."config.php");
Related
Sorry for you advanced guys, I'm actually teaching myself some PHP so this may seem like a beginner's question.
I'm using a testing server and then uploading to a remote server. The index.php file is located in "C:\XAMPP\htdocs\php_site" on my local pc and in "home/www/myname.atwebpages.com/" on the remote server. Now the code I'm trying to run is just a simple:
define ('ROOT', $_SERVER['DOCUMENT_ROOT']);
include ROOT."menu/menu.php";
This code works fine for the remote server. However, when attempted on my local machine, it spits out this error:
Warning: include(C:/XAMPP/htdocs/menu/menu.php): failed to open stream: No such file or directory in C:\XAMPP\htdocs\php_site\index.php on line 21
Clearly, it's not looking in the php_site folder. Instead, it's tying to find a menu folder in the htdocs directory, but it's not there. The menu folder is located inside the site folder, php_site. If I chance around the code to work on the local machine, it no longer works on the remote server. I'm a little confused as to how to get around this problem.
I think $_SERVER['DOCUMENT_ROOT'] is defined by apache, so you'd need to change the config there. Or, define the ROOT constant relative to where you actually put your files, so if you do something like:
define ('ROOT', dirname(__FILE__));
Put that in a constants file in the same folder as your index.php.
Your document root on the remote and local machines is different. On your local machine your document root is the htdocs directory, and the php_site folder is merely a sub-folder, and thus the path is wrong.
I suggest either making the ROOT directory be a relative directory to the index page, or have a constants file in the root directory of the PHP site that defines the root directory as the directory it is in (which would be in the php_site directory on your local machine, the same directory as your index page). define ('ROOT', dirname(__FILE)); would work in this situation.
Another idea is to use a try-catch to catch the failure of the include statement, and attempt to try another directory, perhaps using define ('ROOT', $_SERVER['DOCUMENT_ROOT']); first, and if it fails, attempt to use define ('ROOT', $_SERVER['DOCUMENT_ROOT'] . 'php_site/'); instead.
I'm a newbie.
I have a php script located here /var/www/check_login.php that includes sql login information in plain text. This file is accessed to verify correct user credentials by my login page /var/www/login.php via <form name="" method="post" action="check_login.php">
I'd like to store check_login.php outside of web root directory so it cannot be accessed remotely.
How would I tell login.php to access check_login.php outside of the web root directory?
I'm guessing its not as simple as action="/var/<new folder outside of root>/check_login.php
Thanks!!
Move file with credentials to one level up directory and in file check_login.php
include('../credentials.php');
You're on the right track. Create a different folder for your site in /var/www. I like to do this setup:
/var
---/www
-------/mysite
----------/html
----------/config
----------/lib
etc. In apache, I tell it my document home is
/var/www/mysite/html
and then I store any config files (like MySQL credentials or classes) in /var/www/mysite/config. Then, I can include these files with something like:
require_once("/var/www/mysite/config/mydbcreds.php")
In your example, login.php would need to call your check function in this file, and would be able to if you require it to be included. Check out my answer here on how to use a MySQL connection class that may save you some time and headaches.
Create a new page for your database connection information and move that to /var/
You can then use your HTML action="check_login.php"
and on your check_login.php script, use the solution which Gustek suggested:
include('../credentials.php');
You can simply use include('path of folders/ your_ logging_data .php);
If you're on a shared hosting plan, I would simply create a new folder outside my website root and have all my non-public files in there. Then in the php.ini file for your website, I would edit the include path to include this new folder. In your .php file, simple put require("the-non-public-file.php"); at the top, i.e, without the absolute path.
Am trying to use a config file for a database and rating script but the problem is the config file is in this directory :
website.com/include/config.php aka websitename/include/config.php
The rating script needs the config and is accessed like this:
include_once("config.php");
I want the config to be in:
"/files/website/"
A directory level up from the website root folder.
I have been trying with:
"../files/website/" and other variations but can not figure out how to link them.
I have managed to put one config file and access it, but with this ajax rating script the only way for it to work is to have the config in the /include/ folder next to:
rating_process.php - has this link : include("inc/config.php");
rating_functions.php - has this link : include_once("config.php");
rating_total_functions.php - has this link : include("inc/config.php");
Hope i've explained myself here
Right, looking at my hosting now:
$_SERVER['DOCUMENT_ROOT']; outputs this: /foldy/homepages/11/username/htdocs/webbysite
My index file is located at: /foldy/homepages/11/username/htdocs/webbysite/index.php
The included rating script is located in: /foldy/homepages/11/username/htdocs/webbysite/include/
I want the config to be in /foldy/homepages/11/username/htdocs/secretfiles/config.php
Am trying to some how go out of: webbysite folder and then into secretfiles (sibling folders)
I have tried adding ../ and so on, but am missing something obviously :(
Try
$configLocation = $_SERVER['DOCUMENT_ROOT'].'../files/website/config.php';
include_once($configLocation)
but the problem is the config file is in this directory
it is not a problem at all.
just keep it as is.
Concerning your particular problem, your problem is that you don't know where you want to put your file. /files/website/ is not likely a right path and it is apparently not one level high from webroot.
So, first of all make your mind about the right path to the directory and it's relative position to the web root
if you are concerned about security ( because your config file contains the db details ) i would place the db config file outside the site root folder and then require_once('../../dbConfig.php') from the script that's creating xml or json for your ajax
more exactly ...
your site folder might be here: /var/www/html
set a virtual host (done differently on Linux and Windows) and point your domain to a sub folder inside /html so that the new path to the site root is /var/www/html/site.
then place your config file in /var/www/html and call it from your scripts inside your /site folder using require_once('../dbConfig.php)`.
your db details are outside the site folder
im a total beginner in web programming. Im trying to create a simple website that is reading data from a SQL Database. At first i just wrote my database password and login directly into the php code:
<?php
$username = "login";
$password = "pw";
mysql_connect("server", $username, $password);
...
?>
This obviously isn't a very good idea! So what is a (much) more "secure" way to do this? I read about putting the php code into a seperate file, meaning not into the main php document of the website, and then restricting the access to that file. Maybe by a .htaccess file. Is this the way to go?
The config.php file and the .htaccess is a classic/good way to go. It's the way it is usually done with CMS or frameworks.
As pointed by JohnP, you can also store the config.php outside of the public directory, that means that it can't be accessed via HTTP. This is only a little better for security (if you don't make a mistake with your .htaccess, there is no more risks).
File structure example :
config/ -> configuration files
lib/ -> libraries and utils PHP files
public/ -> all you public pages/files/images...
That way, http://www.your-site.com/ points to public/, so there's no way to access the config. But this solution implies that you can change the root web directory (or that it is already like that).
Finally, you have to remember to set this file readable and writeable by the Apache user only, not everyone (unix file access rights), so that if someone gain access to you server through another user, he can't read the file.
You normally put this in a configuration file and you access the configuration values via PHP.
Usually a project is organized such that your application code and your configuration code is outside your webroot and only your public resources (index.php, images, scripts or other resources) are available via direct access.
I have a php script that has the following requirement command: require_once 'HTTP/OAuth.php'; the file HTTP/OAuth.php is in php's include_path that is .:/usr/lib/php.
Nevertheless in Eclipse the require_once line is marked with the following warning: Include filename: 'HTTP/OAuth.php' doesn't exist in project:
How can I make my project see the include_path so it can find the require_once file?
I honestly think you can't access any folder outside the root of your web application, basically you can't go any further than /. Imagine you use a shared web hosting service and someone access your files at will, it's just not safe at all.
You can, however, copy the file and put in inside your application scope. E.g: require('/includes/OAuth.php');.