Re: Site root question: Newbie


Thanks for the feedback. I'll chew it over.



In article <4ladasF10bmnU1@xxxxxxxxxxxxxx>, user@xxxxxxxxxxx says...
Pupkin wrote:
In article <4l96eaFsrm0U1@xxxxxxxxxxxxxx>, user@xxxxxxxxxxx says...
Pupkin wrote:

Is there a way in PHP to set a global variable that will tell all of the
root-relative links in this dev site to really look here for a starting
point: "http://www.site.com/client/dev/2006/";?
That depends on how the thing is coded, I would guess that the variable that
you set to "/client/dev/2006/" was all you needed to change.

That was a variable that only sits in front of all of the site includes,
all of the root-relative links in the site are still looking at
http://www.site.com/ as the root rather than
http://www.site.com/client/dev/2006/.

I know the easiest way to change this is set-up a new dev site rather
than using a subfolder in a preexisting site, but I can't make that call
on this project.

Modify the code instead to be independent of being in a "root" directory or in
a sub directory.


Thanks. I've found that most docs at this level are written for tech-
types who are already fluent in the vocab, rather than hand-holding a
newbie through the basics, and that's what I'd like to find, if
possible.

As a newbie back in the early 90's I used those docs to configure my first
Apache server to run on AmigaOS and it took me a couple of years more before I
used an Unix machine for the first time.


In IIS, you set the root folder of the site via the management console,
and that is the root folder. In all of the PHP sites I've seen there are
always a couple of folder levels outside the web site root (usually like
/usr/sitename/www/) and these seem to contain necessary php files like
pear, and setting root-relative links, especially with include files,
can be a real pain, in my limited experience.

In apache you set the document root with DocumentRoot option in the apache
config file (you can have different for each virtual host).

For security reasons you may not want it to be possible for someone outside
the server to execute some scripts, those you place outside the root for the
website, this way no one can use an url and try to run a script (think this is
still possible in iis, which is a bad bad thing). You may want to place files
that includes login and passwords for sql servers outside too, just in case of
php would be disabled at a upgrade (in that case you would send the php as
plain text and anyone could read those passwords and logins).

Say you have:
DocumentRoot /usr/sitename/www/

Then you place files that you don't want to be accessed from the outside in a
directory in /usr/sitename, say /usr/sitename/secretfiles, the php scripts can
access the files as long as they are readable for the user as whom the
webserver is run as, but you can't use an url like:

http://www.site.com/../secretfiles/displayall.php


I thought there was a quick way in PHP to set a built-in function to a
specified virtual root path, but maybe not.

All settings for php itself is stored in php.ini, but there is no specific
root directory setting for php, thats completely up to the author of the
scripts to define how s/he wants that be set. Keep in mind that php is
something that access the whole system, but can be limited in where it's
allowed to run, but that won't change how it works.

In the scripts you are supposed to work with, they most likely use
$_SERVER['SERVER_NAME'], which would only give you the "www.site.com" part,
you need to add a $_SERVER['REQUEST_URI'] to get the
"/client/dev/2006/scriptname.php" part.

http://www.php.net/manual/en/reserved.variables.php


//Aho

.

Relevant Pages

  • Re: Site root question: Newbie
    ... That was a variable that only sits in front of all of the site includes, all of the root-relative links in the site are still looking at http://www.site.com/ as the root rather than http://www.site.com/client/dev/2006/. ... and that is the root folder. ... In all of the PHP sites I've seen there are always a couple of folder levels outside the web site root and these seem to contain necessary php files like pear, and setting root-relative links, especially with include files, can be a real pain, in my limited experience. ... For security reasons you may not want it to be possible for someone outside the server to execute some scripts, those you place outside the root for the website, this way no one can use an url and try to run a script. ...
    (alt.php)
  • SUMMARY and apology Re: Some bash/tty questions
    ... Some people tend to create complex login scripts ... If you don't allow direct login to root, but rather su to root, then so ... Hi, not to bash down on bash, but perhaps you should try zsh, it has the shared history thing built in. ...
    (SunManagers)
  • RE: suEXEC
    ... Change your web scripts to create a file of usernames to create, for example, /var/tmp/users. ... The file should be owned by root, group apache, with permissions 660. ... first virtual hosting is showing username cgiuser but second virtual ...
    (RedHat)
  • RE: Linux hacked
    ... Was any of the sites running a php nuke or another portal or system that is vuln ... been able to use that with a locla root exploit to gain root on the machine. ... > hack the box, pull the drive and save it. ... > Use the newest versions of Gentoo, Apache, SSH, PHP and Squirl Mail. ...
    (Security-Basics)
  • Re: include_path related issue
    ... The actual path of the root dir of my account with hosting provider ... I can specify additional subdomains in the control panel of my account. ... The .htaccess file in httpdocs is similar to the one in my master domain. ... PHP recognizes the include_path setting properly, ...
    (comp.lang.php)