1

So, i am working on an eCommerce style of website and i own a host/domain. From my understanding, i should place my PHP files in another location than public_html(for security purposes), the location of index.html being in /home/user/public_html. I want to put my PHP files in the php folder. I have tried using:

include("home/user/php/file.php") or include("../php/file.php").

I have enabled the use of these commands in the ini file and i also tried to set permissions to the folders(read/write/execute).One thing that was working is to set a subdomain with its "root" folder to the php folder, but i guess that defeats the purpose of having the files somewhere else on the server, especially because i was using an object to place my php like so:

<object class="php-script" data="database.php"></object>

and under my java scripts i put :

<?php
    include("/home/user/php/database.php");
?>

Thanks in advance for helping me.

TakeDown
  • 75
  • 1
  • 10
  • 1
    What happens when you do this? Do you get an error? – ceejayoz Apr 03 '18 at 13:28
  • if i try to make a script that sends an email, when i click "send" it says it can't find the file (i.e. script that sends the email). – TakeDown Apr 03 '18 at 13:38
  • "It says" as in you get an error message? Can you share the exact wording? – ceejayoz Apr 03 '18 at 13:44
  • when i click "send" it goes ahead and it redirects me to a white page with "URL could not be found". Similar to a php error message – TakeDown Apr 03 '18 at 13:49
  • That likely has nothing to do with the include. Sounds like you've got a `
    ` tag with an `action` value that's not valid.
     – ceejayoz Apr 03 '18 at 14:03
  • indeed. i realised now that it is kinda stupid what i am trying to do, and won't really help. so now, i'll need to look up a way link a php file, or just write most of the page in php and use include – TakeDown Apr 03 '18 at 14:21

2 Answers2

0

Just try the following code. see what it outputs. basically u need to use: $_SERVER['DOCUMENT_ROOT'] to navigate to file instead typing path yourself.

//to get site url 
echo $site_url = "http://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['PHP_SELF']); 

//to the folder
echo $dir = $_SERVER['DOCUMENT_ROOT'].'/user/php/';

if (file_exists($dir) == false) {
echo  "Directory $dir not found!";
} else {
echo "directory found and we are ready to proceed.";
}

let me know your response, i ll help u further.

Galzor
  • 825
  • 8
  • 16
  • 1
    I highly won't recommend that because using `PHP_SELF` is a known security issue: 1st you don't consider the fact that the scripts could be out of the document root which 2nd leads to publish an internal and normally omitted server path within `$site_url`. – codekandis Apr 03 '18 at 13:42
  • Please replace "gifogrup" with user. At first i didn't want to give that since it is a confusing nam. This is what i get." http://www.gifogrup.ro//home/gifogrup/public_html/gifogrup/php/Directory /home/gifogrup/public_html/gifogrup/php/ not found!" – TakeDown Apr 03 '18 at 13:43
  • @codekandis okay, thanks for pointing out that to me. you learn something new everyday – Galzor Apr 04 '18 at 07:21
0

Normally using relative paths with include or require means using relative paths starting from the directory your first called script of an URL call is located.

Example:

application
    src
        database.php
        somescript.php
    public (document root)
        index.php
        news.php

http://example.com/index.php

public/index.php

<?php
include '../src/database.php'

This should be easy to understand.

http://example.com/news.php

public/news.php

<?php
include '../src/somescript.php';

src/somescript.php

<?php
include '../src/database.php';

So take care of the include in somescript.php. It doesn't matter that it is in the src folder. An include like include 'database.php' will fail, because it's the path of the news.php which matters.

Edit (2018-04-04)

I forgot to mention. Consider to use require() / require_once() instead of include() / include_once().

Difference between require, include, require_once and include_once?

codekandis
  • 712
  • 1
  • 11
  • 22
  • so i should create another file with all my includes and when i want to acces one of those files, i just use "somescript.php" directly? – TakeDown Apr 03 '18 at 13:51
  • @TakeDown No. I wanted to show you, that including a file that includes a file does not change the relative path you have to use. You always start 'pathing' from the first PHP script. – codekandis Apr 03 '18 at 13:57
  • it has worked, thank you very much for your quick response. just a quick question, though. To use include function in news file, i need it to be a php one. isn't that, again, a security vulnerability? or is it ok because it only has the include function and the object tag(in my case)? – TakeDown Apr 03 '18 at 13:59
  • @TakeDown Consider my latest edit ... And to answere your question in your latest comment. At least our script should have an extension which has to be registered by the servers configuration to be executed and parsed with PHP. If not the file will be responded as is - this can lead to a security vulnerability, e. g. if you have sensitive data like login data in it. By default those registered extensions are `php`, `phtml`, `htm` and `html`. All scripts included with required / included by an actually PHP-executing script are parsed with PHP as well. – codekandis Apr 04 '18 at 06:42