BBB

Reputation: 21

access folder outside public-html

I propose to have a folder (named outsidefolder) outside htdocs, and later outside public_html, and in that folder there is an index.php with links to other pages, plus the class files used in outsidefolder. In htdocs, and later in the public_html folder, I have a folder (named folderinside) that is used to access the outsidefolder outside public_html.

In folderinside I have a style folder with the style file, js for the JavaScript and images for the images, which are used for all the pages in the outsidefolder.

example :

    href="http://localhost/folderinside/style/style.css";

In the folderinside I have login.php, action_form.php, pages.php and pagesone.php, which are to be accessible from the site.

The login.php:

     action="http://localhost/folderinside/action_form.php"

and when the form is sent to action_form.php, it runs the following PHP code.

    if (!empty($_POST['i-action']))
    {
       // Strip every '.' and '/' so the value cannot contain "../" and
       // leave the includes folder.
       $action = str_replace('.', '', $_POST['i-action']);
       $action = str_replace('/', '', $action);
       // Only include the file if it exists under outsidefolder/includes.
       if (file_exists("../../outsidefolder/includes/$action".'.php'))
           require_once("../../outsidefolder/includes/$action".'.php');
    }

Login-action.php calls process.php (both are in outsidefolder; process.php is a class file in the outsidefolder), where the form is processed, and on success:

    include "../../outsidefolder/index.php";

The links in index.php.

    href="http://localhost/folderinside/pages.php?page=pageaaa" 

and so on, with page=pagebbb etc. In pages.php is the following PHP code, as an example.

    $allowed = array('pageaaa', 'pagebbb', 'pageccc', 'pageddd');
    // the pages that may be included
    if ( isset($_GET['page']) ){
         $page = $_GET['page'];
         // only include the file if its name is in the allowed list
         if ( in_array($page, $allowed) ){
              include("../../outsidefolder/$page.php");
         }
    }

All the pages in index.php in the outsidefolder have links in them, and I want to do the same with those links using pagesone.php in the folderinside. My questions are: is this secure, and is it practical?

Upvotes: 1

Views: 3185

Answers (2)

deceze

Reputation: 522015

I don't know about your specific scheme, but generally it's a good idea to have a "backend" folder outside the public document root, and only expose files which directly handle HTTP requests to the internet in the public document root. In any decent system you'll have database classes, template files, background workers/cron jobs etc.; those aren't meant to be accessed directly and hence must not be exposed publicly under any circumstances.

Typically you might have something like this:

public/
  js/
  css/
  imgs/
  .htaccess
  index.php
app/
  foo/
    bar.php
  baz/
  ...

The public folder only contains files that must be publicly accessible, like Javascript, CSS and image assets. Beyond that it only contains a small bootstrap index.php file which handles all requests and loads classes/routers/controllers as necessary, which further handle the request as appropriate. With a decently configured web server you don't even need that index file, but have the web server invoke appropriate backend scripts as necessary.

The smaller the publicly exposed surface the fewer problems you invite.

There should be no trace of any of that in the used URLs. A URL might be /users/profile, which is handled by index.php and resolved internally as necessary.

Upvotes: 3
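As an added example (not code from the question or from either answer), here is the single-bootstrap layout deceze describes applied to the question's scheme: one front-controller `index.php` in the document root, every other PHP file in an `app/` directory outside it, and a fixed route table standing in for both the `str_replace` filtering of `$_POST['i-action']` in action_form.php and the `$_GET['page']` interpolation in pages.php. The directory names, route names and the throwaway files it creates are assumptions for the demonstration.

```php
<?php
// Added example, not code from the question or from either answer.
// A single front controller in the document root that resolves a
// user-supplied page name through a fixed route table and only then
// includes a file from a directory outside the document root.
//
// Assumed (hypothetical) layout, matching the idea in the question:
//   public_html/index.php    <- this file, the only PHP reachable over HTTP
//   app/pages/home.php        <- outside the document root
//   app/pages/pageaaa.php
declare(strict_types=1);

/**
 * Map a route name to an absolute file path below $baseDir, or return null.
 *
 *  - The name is used only as an array key and is never spliced into a
 *    path, so no character stripping (as done on $_POST['i-action']) is needed.
 *  - The lookup is exact: "PAGEAAA", "pageaaa " or "pageaaa\0" do not match.
 *  - realpath() re-checks that the target really is inside $baseDir,
 *    as defence in depth against a mis-edited route table.
 */
function resolve_route(string $baseDir, array $routes, string $name): ?string
{
    if (!array_key_exists($name, $routes)) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $routes[$name]);
    if ($base === false || $real === false) {
        return null;
    }
    // Require "$base/" as a prefix so /srv/app does not accept /srv/app2/x.php.
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

/** Handle one request; returns the response body or a status string. */
function dispatch(string $baseDir, array $routes, array $query): string
{
    $name = $query['page'] ?? 'home';
    if (!is_string($name)) {            // ?page[]=x arrives as an array
        return '400 Bad Request';
    }
    $file = resolve_route($baseDir, $routes, $name);
    if ($file === null) {
        return '404 Not Found';
    }
    ob_start();
    require $file;
    return (string) ob_get_clean();
}

// Self-check against a throwaway app directory (constructed for this example).
$tmp = sys_get_temp_dir() . '/fc_demo_' . bin2hex(random_bytes(4));
mkdir("$tmp/app/pages", 0700, true);
file_put_contents("$tmp/app/pages/home.php",    '<?php echo "home";');
file_put_contents("$tmp/app/pages/pageaaa.php", '<?php echo "page aaa";');
file_put_contents("$tmp/outside.php",           '<?php echo "must never run";');

$routes = [
    'home'    => 'pages/home.php',
    'pageaaa' => 'pages/pageaaa.php',
    'oops'    => '../outside.php',   // deliberate bad entry, caught by the realpath guard
];

$cases = [
    ['page' => 'pageaaa'],            // allowed route
    ['page' => 'PAGEAAA'],            // wrong case: not a key
    ['page' => '../../etc/passwd'],   // traversal: not a key, filesystem never consulted
    ['page' => "pageaaa\0"],          // null byte: not a key
    ['page' => ['x']],                // ?page[]=x arrives as an array: rejected
    ['page' => 'oops'],               // in the table but resolves outside $baseDir: rejected
    [],                               // no page parameter: default route
];
foreach ($cases as $q) {
    printf("%-28s -> %s\n", json_encode($q), dispatch("$tmp/app", $routes, $q));
}

// Clean up the throwaway directory.
foreach (["$tmp/app/pages/home.php", "$tmp/app/pages/pageaaa.php", "$tmp/outside.php"] as $f) {
    unlink($f);
}
rmdir("$tmp/app/pages"); rmdir("$tmp/app"); rmdir($tmp);
```

Run it from the command line with `php index.php` to see each constructed request and what the dispatcher returns. In a real deployment `$baseDir` would be `__DIR__ . '/../app'` and `$query` would be `$_GET`; the web server's document root is `public_html/`, so nothing under `app/` is ever served as a file, and the route table is the only thing that decides which backend script runs.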

cmprogram

Reputation: 1884

No. It isn't practical because why would you require a project to have some of its core functions outside of itself?

Equally why would you require duplicates? - "All the pages in index.php in the outsidefolder have links in them and to do the same with those links using pagesone.php in the folderinside."

It isn't any more or less secure, as it's just a call or reference to a file - but it's entirely impractical, especially when the site goes live. Remember, unless specified otherwise, "index" will be your first page to open when the site is live. So if your "outside" folder is placed inside public_html on a live hosted website, and your subsequent folders which contain the real site are within that or external, the site will still automatically load "index" rather than "pageone" etc.

Save yourself the hassle of sorting your files out later, and instead build them intelligently, now.

Upvotes: 0
