By someone's advice I've put all my PHP files in a separate folder (inc) on the same level as htdocs. Only index.php is left in htdocs. So, it's like this:
C:\myproject\htdocs
- index.php
C:\myproject\inc
- login.php
- util.php
- register.php
...
Now, when I go to localhost in my browser index.php is processed and shown correctly. But any links to other php files are not found. I tried to prepend links with "inc", but they're still not found. What should I do?
My php.ini file has this line (it's on Windows):
include_path = ".;C:\myproject\inc"
The point of an include directory is to put files you don't want to be accessible by a Webserver. If login.php needs to be accessible via a URL like:
http://yourdomain.com/login.php
then don't put login.php in the include directory. Putting util.php in an include directory makes sense because you never want this:
http://yourdomain.com/util.php
You can't put web-accessible files outside the htdocs folder, you should be using the 'inc' folder for files like 'database_functions.inc' which should not be opened directly in your browser:
http://localhost/index.php // directly accessible - goes in htdocs
http://localhost/login.php // directly accessible - goes in htdocs
http://localhost/register.php // directly accessible - goes in htdocs
http://localhost/util.php // you don't want people loading this file directly - put in 'inc'
http://localhost/database_functions.php // you don't want people loading this file directly - put in 'inc'
I believe you need to escape the backslashes in your php.ini -- so it should be C:\\myproject\\inc. But as others have pointed out, you won't be able to use a browser to access the PHP files in your include directory, because the web server will not allow access to a directory outside the htdocs tree.
Related
I have a small PHP/MySQL project I would like to upload to our subdomain. The project has an includes/ folder that contains some PHP files that have information about the database name, username, password and login function.
How can I make the files of this directory readable by the website (so when someone comes to the website, they can log in and do other stuff) but not accessible to the public? I can use a file downloader to download the content of the folder which is something I want to block.
Is the solution using a .htaccess file?
EDIT:
Thank you all for the answer. After some reading, I switched my folder structure to be like this:
includes/
- initiate.php
- login.inc.php
- functions.inc.php
public/
- index.php
- login.php
templates/
- header.php
- footer.php
I'm now having issues setting up relative and absolute path constants though
The initiate.php has my constant variables:
define('INITIATE_FOLDER', dirname(__FILE__));
define('ROOT_FOLDER', dirname(INITIATE_FOLDER));
define('TEMPLATES', ROOT_FOLDER . '/templates');
define('INCLUDES', ROOT_FOLDER . '/includes');
define('WWW_ROOT', ROOT_FOLDER . '/public');
When I echo out the constants, I get the followings:
echo INITIATE_FOLDER; C:\wamp64\www\project\includes
echo ROOT_FOLDER; C:\wamp64\www\project
echo INCLUDES; C:\wamp64\www\project/includes
echo TEMPLATES; C:\wamp64\www\project/templates
echo WWW_ROOT; C:\wamp64\www\project/public
Can you please tell me what I'm doing wrong and how to correct it?
If your server setup is correct, no PHP file will get downlaoded, only executed.
Basically, you have PHP extension installed nad if the file starts with <?php then it will be executable.
As others have said, all content between <?php ?> tags will be removed from the page before it's served by your server, so long as your file ends in .php.
If you are trying to keep a non-php file from being served, your best bet is to put your includes folder where it is not publicly available.
Generally, when you FTP into your server, the layout is something like this:
www/
public_html/
... etc, other folders
The files you want to make publicly available should go inside of the public_html/www folder (www is usually just a shortcut/symlink for public_html).
You includes directory should go next to the public_html folder, rather than within it.
www/
public_html/
includes/
... etc, other folders
Then, in the files where you were including those files, include them from the new location.
<?php
require_once "includes/databaseSettings.php";
becomes
<?php
require_once "../includes/databaseSettings.php";
Now your files are outside of the directory being served by your HTTP server, but still available to be included in the rest of your code.
This has usually been my experience, but can vary from vendor to vendor. If, when you FTP into your server, you don't see a www or public_html folder, try navigating up one directory.
So I have a web application hosted on a site. The web root (I.E. the files the client can access) is the public_html folder. However, I need to include files outside of the public_html folder. I do this using php include. I get an error no such file or directory. When it shows me the path it is still looking in the public_html folder, which is not where I need it looking.
The code looks like this:
<?php include('../eCommerceCore/shoppingCart.php');?>
I need it to look up one level but it will not search outside of public_html. Also, the file containing the line of code shown above is in the public_html folder if that helps.
Sometimes the current directory isn't what you expect it to be, such as when you include a file from an included file.
I like to use $_SERVER['DOCUMENT_ROOT'] on my includes so that I can always reference them absolutely from the root of my site:
<?php
include($_SERVER['DOCUMENT_ROOT']."../eCommerceCore/shoppingCart.php");
?>
Or this way you can try
<?php
include "../eCommerceCore/shoppingCart.php";
?>
If your includes directory is above your document root, you can use .. to still reference from the root.
I am trying to clean up my website folder structure. I have too many processing scripts in the root directory. The reason is because they won't work if I move them to a sub folder and call them from there.
For eg.
root directory
- images folder
- css folder
- js folder
- includes folder
- admin folder
index.php
ajax.php
Say I move the ajax.php to includes folder, it will look like this.
root directory
- images folder
- css folder
- js folder
- includes folder
- ajax.php
- core folder
- template folder
index.php
Now on every page I have an init.php required. In ajax.php for eg.
<?php require_once 'core/init.php'; ?>
// rest of the code
The issue I am having is that the init.php file won't run as long as ajax.php is in includes folder. I get an error something like this.
Warning: require_once(core/init.php): failed to open stream:
If i move the ajax.php back to the root directory, it'll work fine.
On index.php, this is how I am calling the ajax.php
core/init.php works fine when requiring in the "templates" folder.
Perhaps someone can tell me the solution to this?
Try using PHP's chdir function. This will change the working directory that your PHP environment is working in, and therefore the relative paths that your include functions are looking in. Ideally, you'd want to call chdir with the root of your project, so that when you do require_once('core/init.php'); you don't end up calling from the core directory, but rather your . directory.
I'm having a spot of bother with php includes. I have the following file structure
htdocs
index.php
login.php
php_includes
db_conx.php
check_user_status.php
within the db_conx.php file i've creates a variable $number = 10; for testing.
The db_conx file is included in the check_user_status.php file with the following code:
include_once("db_conx.php");
and that is working fine - i.e. i can echo $number and get 10.
However, I'm including the check_user_status.php file at the top of login.php with this code:
include_once("php_includes/db_conx.php");
and on this page I'm unable to echo out $number on this page (check_user_status.php).
I'm going to need this script included in many pages (since it checks whether the user is logged in or not). Am I doing something strange with the paths?
For relative paths you need to do this.
include_once("../php_includes/db_conx.php");
To break this down.
Your Current working directory is initially going to be htdocs/ if your hit that file in your browser.
the .. back you up one directory level (so the directory that contains both htdocs and php_includes)
then you want to follow down php_includes to get to db_conx.php.
This will become a problem when you do a file in a subdirectory. Assuming you and a page2.php to a htdocs/subpages/
Now if we follow those same steps we are not going to arrive at the same location.
A better approach is to get the path relative to an absolute location. I like using the document root (htdocs in your case), so:
include($_SERVER["DOCUMENT_ROOT"]."/../php_includes/db_conx.php");
will refer to the same place on the file system regardless of where it is used.
I think you can use __DIR__ magic constant
The directory of the file. If used inside an include, the directory of the included file is returned. This is equivalent to dirname(FILE). This directory name does not have a trailing slash unless it is the root directory. (Added in PHP 5.3.0.)
This will help you with nested included files, infact the file path will be always set automatically and you don't have to deal with absolute paths.
If your file structure is correct, assuming that php_includes is NOT a directory within htdocs, you would need to do:
include_once("../php_includes/db_conx.php");
Am trying to use a config file for a database and rating script but the problem is the config file is in this directory :
website.com/include/config.php aka websitename/include/config.php
The rating script needs the config and is accessed like this:
include_once("config.php");
I want the config to be in:
"/files/website/"
A directory level up from the website root folder.
I have been trying with:
"../files/website/" and other variations but can not figure out how to link them.
I have managed to put one config file and access it, but with this ajax rating script the only way for it to work is to have the config in the /include/ folder next to:
rating_process.php - has this link : include("inc/config.php");
rating_functions.php - has this link : include_once("config.php");
rating_total_functions.php - has this link : include("inc/config.php");
Hope i've explained myself here
Right, looking at my hosting now:
$_SERVER['DOCUMENT_ROOT']; outputs this: /foldy/homepages/11/username/htdocs/webbysite
My index file is located at: /foldy/homepages/11/username/htdocs/webbysite/index.php
The included rating script is located in: /foldy/homepages/11/username/htdocs/webbysite/include/
I want the config to be in /foldy/homepages/11/username/htdocs/secretfiles/config.php
Am trying to some how go out of: webbysite folder and then into secretfiles (sibling folders)
I have tried adding ../ and so on, but am missing something obviously :(
Try
$configLocation = $_SERVER['DOCUMENT_ROOT'].'../files/website/config.php';
include_once($configLocation)
but the problem is the config file is in this directory
it is not a problem at all.
just keep it as is.
Concerning your particular problem, your problem is that you don't know where you want to put your file. /files/website/ is not likely a right path and it is apparently not one level high from webroot.
So, first of all make your mind about the right path to the directory and it's relative position to the web root
if you are concerned about security ( because your config file contains the db details ) i would place the db config file outside the site root folder and then require_once('../../dbConfig.php') from the script that's creating xml or json for your ajax
more exactly ...
your site folder might be here: /var/www/html
set a virtual host (done differently on Linux and Windows) and point your domain to a sub folder inside /html so that the new path to the site root is /var/www/html/site.
then place your config file in /var/www/html and call it from your scripts inside your /site folder using require_once('../dbConfig.php)`.
your db details are outside the site folder