PHP include file in webroot from file outside webroot
Full path should be:
include('/home/xx/xx/domains/mydomain/webroot/file-to-include.php');
Or you should set the path like:
include(__DIR__ . '/../webroot/file-to-include.php'); // php version >= 5.3
include(dirname(__FILE__) . '/../webroot/file-to-include.php'); // php version < 5.3
PHP include file from outside of webroot
I found the way to solve this issue from here. I have SELinux running on my Centos 7 Virtual Server.
I need to grant httpd permission to read from /home dir using:
sudo setsebool httpd_read_user_content=1
Downloading files outside the webroot
After much trial and error, I appear to have solved the problem.
The issue was in using jQuery/Ajax.
When I changed the way the downloadscript.php
file is accessed to a direct $_GET
request from the link on the page, it worked a treat.
Anyway, thanks for your help everyone!
Chris
PHP get file outside of document root
First make sure apache
as permission to read the files on /var/extra-files
, then you can use:
require "/var/extra-files/file.php";
You may want to read Difference between require, include and require_once?
How to include file outside document root?
You can not accomplish this if open_basedir
is in effect, which prevents PHP from traversing out of the home directory.
What you can do is make sure that docroot1 and docroot2 are owned by users in the same group, set group permissions accordingly and use a symbolic link from docroot2 to docroot1 to read the other web root.
Or, re-build PHP and let it just follow typical *nix permissions like every other process :)
PHP - Security in accessing files outside of web root
You need to allow Apache (assumed) to access that folder with images using Directory directive (http://httpd.apache.org/docs/2.2/mod/core.html#directory).
Or you can move images under root directory and restrict direct access to them using .htaccess if you want to keep them protected.
Storing script files outside web root
Using .htaccess adds overhead since Apache has another item it needs to check for and process.
Keeping files out of web root isn't being paranoid, it's good practice. What happens if someone accesses one of the "include" files directly and it throws out revealing errors because all the pre-requisite files weren't loaded?
Each file needs to have it's own security checks to make sure it is running under the expected environment. Each executable file in a web accessible area is a potential security hole.
Call PHP file outside wwwroot folder (Windows host, Arvixe)
Some PHP script has to be web-accessible. If you don't want your main PHP script to be web-accessible, you still need another web-accessible PHP script to call the main script. There is no way around this unless you introduce an additional technology like SSI.
It makes no difference if you use Windows or not for what you're asking.
Definition of Outside Webroot
All the nowadays PHP framework you will find do, indeed store their whole code base in a level under the web root.
They do not only store informations like credentials actually, they do store all the business logic of the application outside of the web root. They will then only allow a facade file to be accessed (most of the time a index.php or app.php) that will, then, with the help of controllers, handle every request and route you to the right page/content, and, of course, all the static content the site will use (your design images, your css, your js, ...).
For example :
- Zend Framework does use a
public
folder where you will find anindex.php
and all the static files - Symfony does use a
web
folder where you will find two filesapp.php
andapp_dev.php
and again all of the static files
So in your case you could do
/var/www/vhosts/example.com/httpdocs/
is the web root of your server/var/www/vhosts/example.com/app/
store all the php code you need/var/www/vhosts/example.com/app/config
store all your configuration file, and then maybe your credentials files which you can call sql_config.php
/var/www/vhosts/example.com/httpdocs/afile.php
will require_once '../app/config/sql_config.php
Related Topics
When and Where Should I Use Session_Start
Pdo and MySQL Fulltext Searches
Fatal Error: Call to Undefined Function Openssl_Random_Pseudo_Bytes()
Calling Perl Script from PHP and Passing in Variables, While Also Using Variablized Perl Script Name
Trying to Replace Parts of String Start with Same Search Chars
"Distance" Between Colours in PHP
How to Document Magic (_Call and _Callstatic) Methods for Ides
How to Check If a MySQL Table Exists with PHP
How to Login Using Github, Facebook, Gmail and Twitter in Laravel 5.1
Detect If Cookies Are Enabled in PHP
PHP Session Seemingly Not Working
How to Convert Excel File into MySQL Database
How to Create Multi-Dimensional Array from a List