2

I'm using php.ini (on nginx) to store database access credentials for PHP, aiming to get this data out of .php files.

I'd like to set global constants with these values once (only) and make them accessible to all scripts.

I'm currently doing as shown below, this script is require_once() by the database interface script. It works, but on the next request or whenever a page calls the dbinterface script, the constants have to be defined again, possibly because of a scope issue (from what I can gather).

Is there some way, other than using APC, to define these just once?

<?php
    if( !configLoaded() )
        loadConfig();


    function loadConfig()
    {
        $vars = array("A","B","C");

        foreach( $vars as $v )  
           define( $v, get_cfg_var( "ubaza.cfg.$v" ) );
    }


    function configLoaded() //returns false as soon as the caller script exits
    {
        return defined("A") && defined("B") && defined("C");
    }
?>
jmng
  • 2,479
  • 1
  • 25
  • 38
  • you can use Session variables, no? However i am not sure how good a practice this is - to store database credentials in a session. – Lupin Mar 11 '14 at 18:26
  • Why do you have to worry about redefining them? As long as the file they're in is loaded ONLY via include_once/require_once, the actual define() code will only ever get executed ONCE anyways. Constants have a global scope anyways. But they only exist for the duration of the script. If you run some OTHEr script and don't run the define code there, they won't magically carry over. – Marc B Mar 11 '14 at 18:26

3 Answers3

5

You can also set a variable in htaccess and get it in PHP

SetEnv YOURVAR value

And get it in PHP:

print $_SERVER["YOURVAR"];

However as you want to have the constants with values from php.ini - not sure you are able to set them in the htaccess from php.ini

Lupin
  • 1,225
  • 11
  • 17
  • Nice :) Can you comment on this method's security? Definitely more secure than storing the data on a .php, I'm curious how it compares to storing file that's not readable by the PHP process. – jmng Mar 12 '14 at 09:46
  • If storing data in a .php file is insecure, you're doing something wrong. – rm-vanda Mar 12 '14 at 12:03
  • 2
    @derelict, I am no big expert on security, however, as i can see it, it should be better that storing it in a .php file and to increase security you can also write it down on a seperate file than the htaccess (which is usually in the web root) and include it to the htaccess, this way the credentials file will not be accessable, to do this you can use `Include /var/home/sql.cnf` in htaccess where the sql.cnf file actually had the DB information (http://httpd.apache.org/docs/2.0/mod/core.html#include). Any thoughts?? – Lupin Mar 12 '14 at 13:56
  • And for nginx users: http://stackoverflow.com/questions/8098927/nginx-variables-similar-to-setenv-in-apache – jmng Mar 12 '14 at 15:06
  • @rm-vanda http://stackoverflow.com/questions/13976401/why-put-mysql-credentials-outside-of-www-directory – jmng Mar 12 '14 at 15:42
  • @derelict - having those in a .php is not inherently insecure. The answer says so, itself. And, mind you, leaving the PHP files in the www/ would be something I consider "doing wrong" -- albeit, it is still not inherently insecure. – rm-vanda Mar 12 '14 at 15:45
  • @rm-vanda can you include/require the file if stored out of DocumentRoot? – jmng Mar 12 '14 at 16:04
  • yes. You can include `/etc/passwd` if you felt like it. And if, of course, permissions allowed it, etc, etc. – rm-vanda Mar 12 '14 at 17:36
1

Constants have to be "re"-defined every time a script is run because when the script is done, garbage collection cleans it up.

If you need to ensure the constants are only defined once per script, you are doing it correctly -- the current method is perfectly acceptable.

However, if you want to define the constants once and never worry about them again, ever - look into hidef.

It allows allows you to put your constants in an .ini file, thus they are already defined before any script is executed. Coincidentally, it is also the fastest way of using constants, although it takes a bit more RAM.

rm-vanda
  • 3,122
  • 3
  • 23
  • 34
1

What about using auto_prepend_file to run your script before running anything else?

http://ie1.php.net/manual/en/ini.core.php#ini.auto-prepend-file

That way you could write your script once, and then, when set, it will define all constants at the start of runtime.

Eoin Murphy
  • 813
  • 6
  • 9