Linking outside Web Root

[readyToGo]

Hi All,

 

I googled this and there is endless results.  I went through a lot of them but couldn't get this working properly.

 

How do I link from within my web site root to files outside the root?  It works for me using relative links  i.e.  ../../phpfiles/includes but that is going to get messy and I can't get a way of doing absolute links to work.  If someone could lay that out so a newbie can get it clearly I would really appreciate it!

 

 

Also - I understand why I should put all of my php files outside the web root but is this a guaranteed way to secure these files other than someone hacking my ftp access?

 

 

I've looked at a few site hierarchy examples - Am I right that the only pages within the web site root should be template pages with calls to required files (outside the root), session checks, and content includes and all other includes that have php executable code should be outside the root?

 

I really appreciate the advice and insight.  Thank you!

 

 

 

[Psycho]

The general structure you are alluding to is a very good practice. Any file 'above' the web root cannot be accessed directly from a browser. If you have files that are only meant to be included by other files and you put those in a web-accessible location then you have to take more time when developing those include files to ensure that if someone did access the file directly that no sensitive information would be compromised - such as if if the generated an error that leaked DB connection info.

 

I've built sites where the web-accessible files only have a few lines of code to set some variables, to set the action the user wants to perform, and then call the 'logic' files that are not web-accessible. However, as you've found, having to set the paths to the files can be cumbersome. I ran across an article a couple years back (can't find it at the moment) that showed an easy solution. I'll try to summarize it here:

 

1. Have a default page for your site (e.g. index.php) that sits in the web root of the site. Instead of using it for the home page you will use it to set the root path to the files that do the actual work. Then load the default 'logic' file. Here is the complete index.php file at the web root of one of my projects:

error_reporting(E_ALL | E_STRICT);

// Set include path to logic files
$ROOT_PATH = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR;

include ("{$ROOT_PATH}main.php");
exit();

 

The code for setting $ROOT_PATH will set the directory one level up from the web root. Then in the main.php file you can define additional path locations as needed. Examples:

$_PATHS['includes']  = $_PATHS['root'] . 'includes'  . $_DS_;
$_PATHS['modules']   = $_PATHS['root'] . 'modules'   . $_DS_;
$_PATHS['classes']   = $_PATHS['root'] . 'classes'   . $_DS_;
$_PATHS['templates'] = $_PATHS['root'] . 'templates' . $_DS_;

 

You can now use those variables throughout your pages as needed.

 

Now, you may be asking yourself how does main.php 'know' what pages to load if it is called on every page load. Here is the process I followed. Let's say I have a web-accessible page to display a list of products (e.g. mysite.com/show_products.php). In that page I would only need the following code:

$action = "show_products";
include("../index.php");

 

So, when a user types the URL into their browser for that web page, the action variable is set. The page then loads index.php (which set the root path to the logic files outside the web root) which then loads the core logic file (main.php). In the main.php file I would create a switch() to determine what content pages to load based upon the actino:

if(!isset($action)) { $action = "home"; }

switch($module)
{
    case 'show_products':
        $actionFile = 'products/show.php';
        break;
    case 'home':
    default:
        $module = "home";
        $actionFile = 'home/home.php';
        break;
}

 

That is just a very simplistic example, however. For many pages there may be several sub-actions. For example, the show_products.php fiel may be used for pagination or searching of products. If the data to make that determination will be global (e.g. POST/GET) then I can access those after the logic file for show_products is loaded. However, I may have several web-accessible pages that load the same core logic file. Let's say I have one core logic file to manager products (manage_products.php). That file is loaded when I add, edit or delete products for which I have three different web-accessible page. Then in those pages I can have an $action and a $sub_action that I set. Then the manage_products.php page is loaded from main.php based upon the $action variable. And in the manage_products.php page I would have another switch() to determine the sub-module to load using $sub_action.

 

All of this is just one approach. I'll see if I can find the article and post a link here.

[readyToGo]

Wow - ok first - Thank You for all your time!

 

I follow what you are saying.  I have to do some work to understand all the syntax but I get it. 

 

This really changes the way I approach the whole application though.  Yikes.  This is pretty new to me.  I have been working on my own time for about a year now to learn php and how to integrate a database and the proper ways to avoid injections etc but I am still coding direct href links for most of my content calls.  Meaning, user wants to go to a contact page the link they click on is coded href="contact.php", that is a template page that calls content includes that build the page.  I haven't called content the way you are suggesting yet.  I get what you are doing but only in a high level way.  I haven't wrapped my brain around it yet.  Coding is not my strength but has turned into a need that I can't ignore. lol.

 

I have saved out your examples incase I lose this post some day because this is where I want to be and will be working to get there.  I was really hoping for something that could be simply coded within href links (easier for my head to manage).  I guess this is why I couldn't find anything in my search that did it for me.  I was reading somewhere you can make a change in the php.ini file that allows you to make absolute links starting from outside the root but I didn't get that working.  I should suck it up and do it right the first time I guess. 

 

Thanks again for your help.  I'm getting called away now but I'll get to work later today and see I can make this work!

 

 

[Psycho]

. . . user wants to go to a contact page the link they click on is coded href="contact.php", that is a template page that calls content includes that build the page.

 

Well, there's no reason you can't implement something to work with what you currently have. On all of your web accessible pages, load a single file to define variable for the absolute paths to the folders that you need to access. You would have to provide the relative path to that one file. Then all of your pages can simply include the appropriate variables.

 

So, in your 'contact.php' page, you would have something like this at the top of the page:

include('../../folder_paths.php);

That file would define the variables for the absolute paths to the content folders you need. Then, later in the 'contact.php' page you could include the appropriate content file using something like

include("{$includes_folder}/contact_content.php");

[readyToGo]

Fair enough.  One way or another you have been a big help to me and I'm sure a lot of others that find this thread.

 

One more piece to the puzzle for me.  The biggest thing for me is to ensure the files are secure so even if I am not building my first few the 'right' or 'best' way, at least I won't be comprimising the client's  info but I'm trying to get it more right each time.

 

Forums and posters like you are a god sent for people like me working on their own trying to figure this stuff out.

 

A couple more projects and I might actually make a little money in the end cause I'm sure not right now with the time I invest. lol

 

Thanks again for all your help!