Rafael Wörner

Reputation: 319

Accessing php file outside root directory via jquery ajax request

I read it's good practice to store php files containing potentially security risk stuff outside the root directory.

Now I have php files containing stuff for processing a registration/login. Those are outside the root directory. Now I catch the form content via jquery and send it to this php file.

But this seems not to be possible with js/jquery:

$.ajax({
    type: "POST",
    url: "../php_includes/register.inc.php", //beyond root path
    data: data,
    })
    .done(function(data, status) {
            //...
    });

Do I have a design error or am I just doing something wrong?

What's the "best practice" solution here?

Upvotes: 6

Views: 5878

Answers (3)

Halcyon

Reputation: 57719

A "best practice" would reduce the number of entry points to 1. Rather than having index.php, login.php and register.php you have just one file handler.php that handles all incoming requests (aided by rewrite rules).

handler.php bootstraps your application and contains routing information that determines how a request should be handled. Modules in your application can register routes and that is how that code gets activated.

All your code can be stored outside of the webroot, only handler.php is exposed. And handler.php can be as simple as:

<?php
include(__DIR__ . "/../includes/bootstrap.php");

Rewrite rule to capture all requests:

RewriteEngine on
RewriteRule ^(.*)$ handler.php?path=$1 [QSA]

Upvotes: 8
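An added sketch of the single entry point described in this answer; it is not code from the answer or the question. It maps the `path` value produced by the rewrite rule to files in the question's `php_includes` directory through a fixed allowlist, so the request never names a file; the route table, `login.inc.php` and the function names are assumptions.

```php
<?php
// handler.php: the only PHP file inside the webroot (added example).
// Assumed layout: <site>/public/handler.php and <site>/php_includes/*.inc.php
declare(strict_types=1);

const INCLUDE_DIR = __DIR__ . '/../php_includes';

// Allowlist of "METHOD path" => include file. Anything not listed is a 404.
const ROUTES = [
    'POST register' => 'register.inc.php',
    'POST login'    => 'login.inc.php', // assumed second module
];

// Look up the include file for a request, or null when no route matches.
function resolveRoute(string $method, string $path): ?string
{
    $key = strtoupper($method) . ' ' . trim($path, '/');
    return ROUTES[$key] ?? null;
}

// Run the matching module and return the status the handler decided on.
function dispatch(string $method, string $path): int
{
    $file = resolveRoute($method, $path);
    if ($file === null) {
        return 404;
    }
    $base = realpath(INCLUDE_DIR);
    $full = realpath(INCLUDE_DIR . '/' . $file);
    // Defence in depth: the resolved file must exist inside the include directory.
    $prefix = $base === false ? '' : $base . DIRECTORY_SEPARATOR;
    if ($base === false || $full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return 500;
    }
    require $full; // the module reads $_POST and writes the response
    return 200;
}

if (PHP_SAPI !== 'cli') {
    $status = dispatch($_SERVER['REQUEST_METHOD'] ?? 'GET', (string) ($_GET['path'] ?? ''));
    if ($status !== 200) {
        http_response_code($status);
    }
}
```

With this in place the jQuery call posts to a URL inside the webroot (for example `url: "register"`) instead of `../php_includes/register.inc.php`.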

NaeiKinDus

Reputation: 770

You'd rather store security-related stuff like configuration files and the like in an external (non-accessible) directory. But if you need to access information stored in these files, you have to create a controller that will filter the access and provide the information in a secure way if needed.

Apache will not serve files that are not located in the website's root directory.

Upvotes: 2

JSK NS

Reputation: 3446

You won't be able to access any files outside the root directory from the browser (i.e. like you're trying to do using JavaScript). The entire point of storing files outside the root directory is so that they are not accessible by the client.

It is necessary and safe enough to place registration code inside the document root.

Upvotes: 4
