I have a php applicaiton and i'm planning to keep critical settings in a .ini file. However, i think that file can be accessed from over the web, so where is a "standard place" for it to be placed?
You can store it above the document/web root or specifically block access to it. For example, a common structure for PHP applications is:
application/
public/
Where public is the web root - so I usually store application configuration in application/config where I know it can't be accessed.
An alternative would be to block it using Apache:
<!-- Block access to all .ini files -->
<Files ~ "\.ini">
Order deny,allow
Deny from all
</Files>
The "standard place" is anywhere not affected by the directory root of the apache. For example you can place it under /home/someuser/, or somewhere else.
Place the .ini file outside the web root or protect it with .htaccess if you really want to keep it under the web root.
It can be accessed if you place your INI file in your webroot/docroot.
Making sure the file is not accessible via the docroot is the first step.
I would use a database to be honest.
However, if you really want to use a flat file (e.g. .ini), you can place it in a directory, and use .htaccess to stop people from accessing it via their browser. That way, you can still access the file via php file functions.
To do this, make a file called .htaccess in the folder you want to protect (e.g. ini/)
Then, in this file put:
deny from all
The folder is now not accessible by going to the url in the browser.
Place the configuration in a directory that isn't readable by the webserver, yet is readable for the application. Generally, you have a specific directory that's readable by the webserver, such as "web", "www", "public" or "public_html". Make sure you put it in the directory below that one.
That way, your application can read the file:
$cfg = parse_ini_file(
realpath( dirname( __FILE__ ) . '/../' ) . '/config.php'
);
Your webserver doesn't know how to reach it though, so it's secure.
a good example is Zend FW or any other php frameworks. directory structue is:
application/config/config.ini
library/Zend/
public/index.php
where public is accesible from web
Related
I am writing an HTML/CSS/JS project on my localhost.
The project root is found at http://localhost/projects/project1/.
I want to know if it is possible to make the HTML files treat my project
root as its' base URL so that referencing the same javascript/css files
doesn't depend on the path of the HTML file(unless I reference relative to
current directory).
Here is my project structure:
projects
project1
index.html
pages (directory)
page1.html
page2.html
apps(directory)
app1(directory)
index.html
style.css
app.js
deps(directory)
jquery.js
As you can see, to refer to jquery.js inside my /projects/project1/index.html,
I have to write:
<script src="deps/jquery.js"></script>
To refer to jquery.js inside /projects/project1/pages/index1.html,
I have to write
<script src="../deps/jquery.js"></script>
To refer to jquery.js inside http://localhost/projects/project1/apps/app1/index.html,
I have to write
<script src="../../jquery.js"></script>
At which point I am not sure I wrote the correct number of ../s and can easily
cause errors.
Worse, If i reorder my directories around or rename them, it means I have to deal with
rewriting the paths again, which can be very daunting.
I have thought of various ways to address them none of which are appealing(although option 3 comes close).
Thoughts/Attempts:
I tried playing with .htaccess RewriteEngine/RewriteBase but nothing worked.
I could just create a new server for each project as NodeJS makes it really easy to do so.
This way, each server has the directory as its' static path and is '/'.
The problem with this approach is that this managing
many servers up at once on different ports which can be confusing.
I could set an absolute path variable in .htaccess via
SetEnv PROJECT_PATH /projects/project1/
However doing this means I have to open .htaccess each time I move the folder
or rename it and change the PROJECT_PATH. This may seem simple but if you
give the project to somebody else and they don't know how .htaccess works,
it is very painful to explain how to find this path, and how to change it,
and even more problematic if the .htaccess is longer than one line.
Ideally, I want this SetEnv to figure out the folder it is inside by itself,
but I don't know how to accomplish this. This also has a problem that the pathing becomes dependent on the PHP preprocessing which makes it painful to move to another server that does not have .htaccess or PHP such as NodeJS(which can still invoke php but even then it needs to deal with .htaccess).
I want to know if it is possible to either
Make .htaccess file create an environment variable containing deduced path
of this particular .htaccess file so that php files inside this directory can
do pathing relative to $_ENV{PROJECT_ROOT}. This way if the project is moved or shared, it will still work without needing to modify .htaccess.
Make .htaccess to force HTML files contained in the same or lower directories that all "/" references treat this directory as the root.
Or if there are other things to address this issue that I have not thought of.
Thanks ahead of time.
Dmitry, you can try this:
1) In your file httpd.conf, add the following line at the end:
Redirect permanent /deps http://localhost/projects/project1/deps/
2) Restart apache service
3) Refresh your index page(/projects/project1/pages/index1.html)
I have used something like this:
<html>
<head>
<script src="/deps/jquery.min.js"></script>
</head>
</html>
<?php
echo "welcome to index"
?>
How do I access a directory outside of my document root?
This explain how to give users access to a directory that is outside of your directory root on Windows.
Assuming that your directory is located at C:/www/newfolder/ then you would create the following in your httpd.conf file.
Alias /newfolder/ "C:/www/newfolder/"
<Directory "C:/www/newfolder">
Options Indexes MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Now, when a user goes to www.domain.com/newfolder/ then they see the folder that is outside your document root and it appears in the browser to be a directory contained below the document root..
One thing to consider is that if you have virtualhosts, then an alias works for every virtualhost, so try to use uncommon names for your alias.
Hope this helps
On the Apache Server it is possible to define a directory for PHP includes. The path to the include folder is out of root, and does not conflict with the server script. The reason why I think it is nice to store the secure files like config.php and db-access.php in the PHP global include folder, is that I don't have to define the path for each and every single page in my web application. I can simply do as following:
<?
require_once('config.php');
require_once('db-access.php');
?>
But then I have a question cause, besides that the include folder is outside of root, is it still save enough?
It will be save enough, it you wouldn't place it under your htdocs folder ( folder, which is accessible via you web server ). So, you can put it in any other places.
use .htacces
order deny,allow
deny from all
Way to include file from root directroy
<?php
$path = $_SERVER['DOCUMENT_ROOT'];
$path .= '/folder/config.php';
require_once($path);
?>
OR Use if they are in your public_html or www folder
Order allow,deny
deny from all
I have a little problem: I began a project as a subdirectory in a larger web project. Thus the web file path is something like /../myProject. But things have progressed and I've realized that this should be its own project. However, I'd like to be able to keep it where it (as a sub-directory) also make it a sub-domain wherein myProject becomes the root. (There is also the possibility that my project will be mirrored at a library site, where it will once be in a sub-directory).
The problem I having with all this is that in some cases I have html_partial files, (for instance for the header or footer). But the relative path of these partials differs depending on where you are in the file tree. I originally solved this by always going back to the root.
But now, you see, depending on where my project lives, the root will be different. What I'd like to do is declare myProject as the "application root" and then be able to use relative paths based on this application root rather the than the web root'. This way, all of the relative paths within 'myProject' will work no matter wheremyProject` lives in the web path.
Does PHP have a way to declare something like an Application Root if so, can you explain it me or direct me to its documentation. Thanks!
You could simply have a PHP file in your application root directory which would define the directory it is in as the application root. The file could be as simple as this:
<?php
define('APPLICATION_ROOT', __DIR__);
?>
You could then include this file as needed and base all of your file paths off of APPLICATION_ROOT. Note that APPLICATION_ROOT would not have a trailing slash as defined here (unless your file happened to be on in the machines root directory, which is unlikely).
I usually do something lile this in the front controller:
define('APPLICATION_PATH', realpath(__DIR__));
Then you can do things like:
set_include_path(APPLICATION_PATH . '/include');
Or:
$fp = fopen(APPLICATION_PATH . '/path/to/some/file', 'r');
If your app doesn't make use of a front controller, you could define an environment variable in your vhost config or .htaccess:
SetEnv APPLICATION_PATH /full/path/to/my/app
And then use:
getenv('APPLICATION_PATH')
I have a site on a server running Apache2 that resides at docroot /var/www/html. I want to access some of the files on a separate site at docroot /var/www/vhosts/othersite. Is there a way to access these files from the first site?
Thanks,
Chris Birk
You can include them using the include and require calls, or use symlinks to create a soft link in project 1 from project 2. These obviously depend on what you're actually trying to accomplish.
Edit: Oh, also, you could potentially add the folders you want to PATH.
The right way to do this is with mod_rewrite, and there are several ways of mapping URLs to different paths in the documentation here.
The cheatin' way of doing it would be to create a symbolic link from the directory outside the document root to a directory inside the document root, making sure the user Apache runs has can read that directory, and follow symlinks is turned on.
Yet another way of doing it would be to create a subdomain as a VirtualHost, with a document root of that other directory.
I am developing a web application. contents are:
root dir (/var/www/)
config.php
index.php
details.php
admin dir (/var/www/admin)
admin.php
I have included config.php file into index.php, details.php in root directory using require_once('config.php') as this file contains database passwords, styles, images directory paths..
how can i include that config files in my admin/admin.php file so that one config file can be used in anywhere(even in subdirectories) of my web application. Will it make any difference for the value of define('APP_BASE_PATH', dirname(__FILE__)); when same config file is used by all files in the web application.
if i am wrong somewhere then please get me right.
If your server properly configured, just
include $_SERVER['DOCUMENT_ROOT']."/config.php";
anywhere
You have also 2 other possible ways.
a Front controller setup, where ALL user requests going into one file. And ths one going to include all others from their subdirectories. Personally I don't like it cause this front file become a mess. Though it's widely used.
I decided not to mention it because noone would use a hardcoded full path anyway.
Update after clarification in comments: You are looking for a way to include a central configuration file from anywhere in your project's folder structure.
#Col. Shrapnel shows one way, DOCUMENT_ROOT. It's the only way to use an "absolute" path from a nested folder structure. It has the limitation I describe above, but it's fine otherwise.
If you want maximum portability (i.e. the possibility to run the app with e.g. www.example.com/myapp/version_1 as its root directory), you would have to use relative references from within your folder structure to "climb down" to the config file, e.g. ../../config.php that will work reliably too, although be a bit cumbersome e.g. if you move a script to a different folder and you have to update the relative path.
you can use the same config file every time... using "/" will take you back to the root directory... so in admin/admin.php use this:
require_once("/config.php");
you can use "../" to take you up one directory eg:
require_once("../config.php");
was this what you were looking for?