PHP Include File in Webroot from File Outside Webroot

PHP include file in webroot from file outside webroot

Full path should be:

include('/home/xx/xx/domains/mydomain/webroot/file-to-include.php');

Or you should set the path like:

include(__DIR__ . '/../webroot/file-to-include.php');  // php version >= 5.3
include(dirname(__FILE__) . '/../webroot/file-to-include.php');  // php version < 5.3

PHP include file from outside of webroot

I found the way to solve this issue from here. I have SELinux running on my Centos 7 Virtual Server.

I need to grant httpd permission to read from /home dir using:

sudo setsebool httpd_read_user_content=1

Downloading files outside the webroot

After much trial and error, I appear to have solved the problem.

The issue was in using jQuery/Ajax.

When I changed the way the downloadscript.php file is accessed to a direct $_GET request from the link on the page, it worked a treat.

Anyway, thanks for your help everyone!

Chris

PHP get file outside of document root

First make sure apache as permission to read the files on /var/extra-files, then you can use:

require "/var/extra-files/file.php";

You may want to read Difference between require, include and require_once?

How to include file outside document root?

You can not accomplish this if open_basedir is in effect, which prevents PHP from traversing out of the home directory.

What you can do is make sure that docroot1 and docroot2 are owned by users in the same group, set group permissions accordingly and use a symbolic link from docroot2 to docroot1 to read the other web root.

Or, re-build PHP and let it just follow typical *nix permissions like every other process :)

PHP - Security in accessing files outside of web root

You need to allow Apache (assumed) to access that folder with images using Directory directive (http://httpd.apache.org/docs/2.2/mod/core.html#directory).

Or you can move images under root directory and restrict direct access to them using .htaccess if you want to keep them protected.

Storing script files outside web root

Using .htaccess adds overhead since Apache has another item it needs to check for and process.

Keeping files out of web root isn't being paranoid, it's good practice. What happens if someone accesses one of the "include" files directly and it throws out revealing errors because all the pre-requisite files weren't loaded?

Each file needs to have it's own security checks to make sure it is running under the expected environment. Each executable file in a web accessible area is a potential security hole.

Call PHP file outside wwwroot folder (Windows host, Arvixe)

Some PHP script has to be web-accessible. If you don't want your main PHP script to be web-accessible, you still need another web-accessible PHP script to call the main script. There is no way around this unless you introduce an additional technology like SSI.

It makes no difference if you use Windows or not for what you're asking.

Definition of Outside Webroot

All the nowadays PHP framework you will find do, indeed store their whole code base in a level under the web root.

They do not only store informations like credentials actually, they do store all the business logic of the application outside of the web root. They will then only allow a facade file to be accessed (most of the time a index.php or app.php) that will, then, with the help of controllers, handle every request and route you to the right page/content, and, of course, all the static content the site will use (your design images, your css, your js, ...).

For example :

  • Zend Framework does use a public folder where you will find an index.php and all the static files
  • Symfony does use a web folder where you will find two files app.php and app_dev.php and again all of the static files

So in your case you could do

/var/www/vhosts/example.com/httpdocs/ is the web root of your server
/var/www/vhosts/example.com/app/ store all the php code you need
/var/www/vhosts/example.com/app/config store all your configuration file, and then maybe your credentials files which you can call sql_config.php
/var/www/vhosts/example.com/httpdocs/afile.php will require_once '../app/config/sql_config.php


Related Topics

When and Where Should I Use Session_Start

Pdo and MySQL Fulltext Searches

Fatal Error: Call to Undefined Function Openssl_Random_Pseudo_Bytes()

Validate Email in PHP

Calling Perl Script from PHP and Passing in Variables, While Also Using Variablized Perl Script Name

Trying to Replace Parts of String Start with Same Search Chars

Removing X-Powered-By

"Distance" Between Colours in PHP

How to Document Magic (_Call and _Callstatic) Methods for Ides

How to Check If a MySQL Table Exists with PHP

PHP - Upload Multiple Images

How to Login Using Github, Facebook, Gmail and Twitter in Laravel 5.1

Detect If Cookies Are Enabled in PHP

PHP Session Seemingly Not Working

How to Convert Excel File into MySQL Database

How to Create Multi-Dimensional Array from a List

Calling a Function Within a Class Method

Guzzle 6: No More JSON() Method for Responses


Leave a reply



Submit