0

I have a very minimal HTML + JavaScript website, running on an Nginx web server.
I'm using Ubuntu and also have PHP7.2 installed.

I would like to trigger a PHP script execution when a button is clicked on the website.
The PHP script contains sensitive data so it shouldn't be accessible by the end user.

How can I do that?

Thanks!

HTML

<html>
    <head></head>
    <body>
        <input type="text" name="user_input">
        <input type="submit" value="user_submit">       
    </body>
</html>

Nginx

server {
    listen 80;
    listen [::]:80;

    root /var/wwww/html;
    root index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
Yanir Mor
  • 581
  • 3
  • 15
  • PHP code can't be accessed or seen by the user - only those with access to the actual server can see its content. – Qirel Aug 01 '19 at 10:30
  • Thanks @Qirel so how can I execute the PHP script with the settings I've described above? – Yanir Mor Aug 01 '19 at 10:34

1 Answers1

0

I think that what you want to do is submit a form:

<html>
    <body>
        <form action="yourfile.php" method="post">
            <!-- Your form fields -->
            <button type="submit">Submit</button>
        </form>
    </body>
</html>

Then on the php file you will find your inputs in the $_POST variable.

Be careful tho: if the webserver is not configured to block a request to that file someone will still be able to access it at http://example.com/yourfile.php and see it plain text. You either need to:

  1. configure the webserver to block this request OR
  2. (better) put your php script in a folder which is not reachable, and use a php file which would look somehing like this:
<?php
// Assuming your script is 1 level below:
require __DIR__ . '/../yourfile.php';
// Launch a function or whatever is needed here.

If when submitting the form you download the file instead of executing it, configure nginx along the lines of this example (of course, full credit to the OP)

KeineMaster
  • 285
  • 5
  • 14
Aranarth
  • 68
  • 6