I'm trying to include a javascript file in a phmtl view script file using the zend framework. Both the javascript file and the phtml file are part of a php library and located outside the doc root folder of my project. So the file structure looks like
/var/www/vhosts/project/
/var/www/vhosts/libraries/my-lib/view/viewscript.phtml
/var/www/vhosts/libraries/my-lib/js/javascript.js
/var/www/vhosts/libraries/my-lib has been added to the PHP paths using set_include_path. In viewscript.phtml, I use the following line to include javascript.js.
<?php $this->headScript()->appendFile('js/javascript.js'); ?>
For some reason, javascript.js is not included, even if I specify the absolute path instead of a relative path. Instead, I get a whole copy of my webpage inside a tag in the head section. If I put javascript.js into the doc root folder /var/www/vhosts/project and change the appendFile() path, it works just fine. How can I include javascript outside of doc root?
Based on previous questions you've been asking I think your directories are something problematic for you.
here is a functionnal and secure example or directory organization for Zend Framework (partial)
var/
www/
vhosts/
otherproject/
project/
src/ <-- maybe some project src can be here and not in your libraries
htdocs/ <--- real apache document root
css/
js/
var/
log/
sessions/
etc/
doc/
libraries/
Zend/
my-lib/
js/
So apache documentRoot is /var/www/project/htdocs. Here we can find the index.php file, the only php file available on public access.
In htdocs/js & htdocs/css you can put some of your project js & css files. And then you've got the problem of css and js files of your external php libs that are now completly outside of the web root.
What I usually do is, like others have said here, links from external directories to the js directory inside the web root. But to be more precise and keep things well organized here what you should do there:
ln -s /var/www/project/libraries/my-lib/js /var/www/project/htdocs/js/my-lib
ln -s /var/www/project/libraries/my-lib/css /var/www/project/htdocs/css/my-lib
And you should do it for all external lib having files that should be in the document root.
This way the base url for the js files of my-lib is /js/my-lib/.
Do not fear of using symlinks (junctions on windows), you can even store them in subversion repository. Just check that your apache configuration allow symlinks (Options +FollowSymlinks)
The path provided in appendFile() is relative to the site's document root (eg, your 'public' folder). It will not pick up on the php include_path.
You could move the js file into the doc root, create a symbolic link to it in the doc root, or you could read the file using php and output it's contents as a <script> tag.
form your path , i can tell your are using linux
so you can use symlink like this :
ln -s /var/www/vhosts/libraries/my-lib/ /var/www/vhosts/project/mylib/
therefor you can append the files :
<?php $this->headScript()->appendFile('/mylib/js/javascript.js'); ?>
and tada , its done
The tag that will be added to the page is a reference for the browser where to look for the JavaScript file.
JavaScript is a client side language, it runs on the users computer and is interpreted there, so the user needs to be able to access the file, hence it needs to be inside the root path as the user (client) should not have access to your application dir.
You could save a PHP file in your doc root and use that to get your JS:
getJS.php (saved in the doc root):
<?php
header("Content-type: text/javascript");
include_once '/../var/www/vhosts/libraries/my-lib/js/someJSfile.js';
?>
Then in your code:
<?php
$this->headScript()->appendFile('getJS.php');
?>
You could include switches to include different JS files or whatever you wanted, I haven't tested this for functionality, but the file when clicked does get the contents of the JS file.
Note: If this is for security reasons, it won't take much to get the contents of the file the user wants!
Related
I have a small PHP/MySQL project I would like to upload to our subdomain. The project has an includes/ folder that contains some PHP files that have information about the database name, username, password and login function.
How can I make the files of this directory readable by the website (so when someone comes to the website, they can log in and do other stuff) but not accessible to the public? I can use a file downloader to download the content of the folder which is something I want to block.
Is the solution using a .htaccess file?
EDIT:
Thank you all for the answer. After some reading, I switched my folder structure to be like this:
includes/
- initiate.php
- login.inc.php
- functions.inc.php
public/
- index.php
- login.php
templates/
- header.php
- footer.php
I'm now having issues setting up relative and absolute path constants though
The initiate.php has my constant variables:
define('INITIATE_FOLDER', dirname(__FILE__));
define('ROOT_FOLDER', dirname(INITIATE_FOLDER));
define('TEMPLATES', ROOT_FOLDER . '/templates');
define('INCLUDES', ROOT_FOLDER . '/includes');
define('WWW_ROOT', ROOT_FOLDER . '/public');
When I echo out the constants, I get the followings:
echo INITIATE_FOLDER; C:\wamp64\www\project\includes
echo ROOT_FOLDER; C:\wamp64\www\project
echo INCLUDES; C:\wamp64\www\project/includes
echo TEMPLATES; C:\wamp64\www\project/templates
echo WWW_ROOT; C:\wamp64\www\project/public
Can you please tell me what I'm doing wrong and how to correct it?
If your server setup is correct, no PHP file will get downlaoded, only executed.
Basically, you have PHP extension installed nad if the file starts with <?php then it will be executable.
As others have said, all content between <?php ?> tags will be removed from the page before it's served by your server, so long as your file ends in .php.
If you are trying to keep a non-php file from being served, your best bet is to put your includes folder where it is not publicly available.
Generally, when you FTP into your server, the layout is something like this:
www/
public_html/
... etc, other folders
The files you want to make publicly available should go inside of the public_html/www folder (www is usually just a shortcut/symlink for public_html).
You includes directory should go next to the public_html folder, rather than within it.
www/
public_html/
includes/
... etc, other folders
Then, in the files where you were including those files, include them from the new location.
<?php
require_once "includes/databaseSettings.php";
becomes
<?php
require_once "../includes/databaseSettings.php";
Now your files are outside of the directory being served by your HTTP server, but still available to be included in the rest of your code.
This has usually been my experience, but can vary from vendor to vendor. If, when you FTP into your server, you don't see a www or public_html folder, try navigating up one directory.
I have a PHP page on my site in a sub folder called Articles.
The page is article.php.
The article.php page requires a common php page called _head.php. This provides the header for the pages.
_head.php is located in the root directory.
The /Articles directory is a subdirectory within the root.
I've included this _head.php page in article.php this way:
<?php include("../_head.php"); ?>
And this works fine.
The problem, however, is that the image elements within _head.php are located in the 'images' subdirectory (also off the root) and are referenced relative to the _head.php being in the root, like this...
<img src="images/services.gif">
So if I use _head.php for files on the root, it works great and shows all the images correctly. But when I include _head.php into a php file that is not in the root, but instead in a subdirectory like /Articles (/Articles/articles.php), the images do not show up.
Do I need to change the _head.php file in how it references the images or is there some code I'm supposed to include in articles.php when including _head.php that tells it how to use _head.php?
I'm concerned about using all absolute paths because if I have to move this site to another server this is going to cause me issues.
Mentioning what I follow not going to the hierarchical complexity,
For any PHP file that is being imported into another PHP file in root simple include/require_once (<path>).
For any file below root accessing other file anywhere within the root I use include/require_once (../<path>).
For accessing files which are outside the root, I use the absolute path of that file.
Working on few php files what I have seen using absolute path is the best thing in two ways, a) you are free from remembering the paths of different files and b) if you are using CDN or if your files are on different servers then this is very helpful. Anyways opinions may vary, this is my personal view/choice.
I am relatively new to this whole MVC structure for web apps.
Here is the structure of my project.
The file you see on the right of the picture is inside the 'Views' folder.
When I want to link a css file, why does the path have to be href="/css/stylePortfolio.css"
Why is it not href="../../public/css/stylePortfolio.css"?
What you are looking at, is the HTML that is sent to the users' browser. The browser does not know anything about the structure of your application. It simply reads that href link, and downloads the file from http://example.com<link>, where <link> is /css/main.css for example.
When configured correctly, the web root of your website is in your /public folder. That means, anything that a browser requests, is relative to your web root. Thus, if you want to link to a css file, you need to think of that link relatively to your projects web root, not relatively to your project root.
An example:
Say, you create a new project in /home/user/AwesomePhpProject.
Now, /home/user/AwesomePhpProject is called your project root.
In your project root, you create a directory, public. You configure that directory to be your web root, using VirtualHost (when using Apache) or the root directive (when using Nginx).
/home/user/AwesomePhpProject/public is now your web root.
When a browser requests /css/main.css, it will be directed to /css/main.css relative to your web root. In our case, that will be /home/user/AwesomePhpProject/public/css/main.css.
Most modern applications separate the project and web root, for security reasons.
As your index.php is inside the public folder, so all the views are loading in the public folder. That is why you should declare the CSS path from the public root. You can modify the path if necessary.
In this case, you can declare a global variable or constant your main controller with the path of your CSS folder
define('CSS_PATH', 'http://localhost/fab/public/css/');
Now use this like
<link rel="stylesheet" href="<?=CSS_PATH?>bootstrap.css">
It's because front-end links (like CSS and JS) are relative from current file you are in. And since your root is in public you have to specify URL from this directory (you can't link to any file in top level of root).
Why is it not href="../../public/css/stylePortfolio.css"?
Because entry point of your MVC is index.php from public folder. So all your css and js links should be relative to public folder
Im creating my own website, but I am having some path problems.
My scripts will not load when I refer to the path.
I have simply created a folder called "js" under my repository and are trying the following code:
<script src="js/startup.js"></script>
But the script wont load.
I've also programmed some PHP scripts and used include, and it seems to work fine there.
Any tips?
Regards
When including resources for the browser, the path is relative to the web root but when including php files, it is relative to the current file.
/project
/webRoot
-index.php
/js
-startup.js
/lib
-some.php
given this structure, your script tag would work, even if included in some.php. In index.php, you would need
include(dirname(__FILE__).'/../lib/some.php');
I am using wamp, and I have two directories; /www and /scripts. In /www I have index.html, and in /scripts I have test.php. I am not too familiar with standard PHP directory conventions, but here is what I would like to have in my index.html file
...html statements...
<run the following php script: /scripts/test.php>
...html statements
rather than include the php script itself in the index.html file.
I have researched the ScriptAlias directive in Apache (http://httpd.apache.org/docs/2.0/mod/mod_alias.html#scriptalias) but I didn't quite understand how to apply it to this situation. Any ideas on how to proceed?
You can't link to PHP outside the doc root from within HTML, but you can include PHP from outside the doc root from within PHP. I.e., replace the index.html with an index.php, that looks something like this:
...html statements...
require_once '/path/to/scripts/test.php';
...html statements...
You cannot access files outside of the document root using HTML (luckily).
Think about what can happen when someone can just access stuff outside the document root, e.g.: /etc/passwd or whatever.
However if you use php you can access files outside document root by for example using: require or include. And this is IMHO best practice when doing something in PHP. In your document root you will only have a bootstrap file which accesses files outside the document root.
This is because PHP is server side and HTML is client side.
UPDATE
If you want to access a file 1 directory above the current directory you can you a relative path:
`require_once '../thefile.php';`
Can't be done with HTML, however if you had an index.php file instead of an index.html file you could do it. I guess you could setup apache to compile html as php if you have to keep it as an html file.