Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I reference files one level up from the document root?

Status
Not open for further replies.
ukblackcat

ukblackcat

Technical User
Joined
Apr 14, 2003
Messages
5
Location
GE
I've been searching the web all day for some form of answer to this but with no joy...
I have a PHP login script that works fine, and uses separate users.dat and log.dat files that are in plain text format (the passwords are md5 encoded). I don't want these to be at the document root level or below, and according to what I've seen written, it would be correct to place them one directory up from the
My web host file structure is as follows:

/home/myname/mainwebsite_cgi -> ../../var/..................../mainwebsite_html -> ../../var/..................../mainwebsite_perl -> ../../var/
where all the mainwebsite directories above are symbolic links to /var/..................................................................................................../perl
..................................................................................................../cgi-bin

I can't create folders under the /var structure at all (probably wise), but can under the /home/myname structure.

The problem that I have is, how does my PHP login script (mysite.com/html/login.php) refer back to the users.dat file (/home/myname/user_data/users.dat)?

In other words, how do I get my Login.php script under the public access to read and write to the users.dat and log.dat under my host home directory structure...

I've tried absolute server referencing (/home/myname/user_data/users.dat), relative referencing (but that just ends up traversing the /var directory due to the symbolic links), and of course, domain referencing is no good as it's outside the document root.

I've seen loads of references to protecting sensitive files by placing them one step back from the document root, but no explanation of how to refer to them.

I hope someone can make some sense of the above...
Thanks.
 
Sort by date Sort by votes
PHP's fopen(), fread() and fwrite() functions can operate on any file on the server's file system, permissions permitting.

If you need to read "/home/myname/user_data/users.dat", then use fopen ("/home/myname/user_data/users.dat", "r");

What error messages are you getting?

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
The script (pageprotect uses 4 separate PHP pages - Login, Conf, Protect and Admin.

Effectively, the file pointers are set up in the Conf file as in the example snippet given below:

// Sets the path to the user data file which stores the username/encrypted password.

$user_data = "/home/myname/mydirectory/users.dat";

These declarations are then used throughout the other scripts, such as in the Login example below:

// Initial File checks to make sure the files exist before using them.

if(!file_exists($user_data)) {
$fatal_error=$user_data_file_not_exist";
fatal_error($fatal_error);
exit;
}

So, if I understand you correctly, I would need to modify the areas where the files are referenced to use the fopen(), fread() and fwrite() functions?

The error messages are the standard 'file cannot be found' type message.

Note that, just in case anyone is already familiar with this script, the fatal_error part of the snippet given above is my addition, and that the standard script echoes the error message. I pass it to another function to preserve page formatting.
 
Upvote 0 Downvote
I'm not saying that at all -- your question was in the abstract, not in reference to a particular app.

What I am saying is the PHP's filesystem functions as well as include[_once]() and require[_once]() are not constrained by the document root of the virtual web server.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
Ok, my apologies if I mislead you and thank you for your help.
 
Upvote 0 Downvote
According to the documentation on the site, you simply use include() to include the functions of these scripts in your site.

You can include() a file from anywhere on your system's filesystem, provided that the username used by PHP has permission to access them.

What error message are you getting when you try to include() these scripts?

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
I've tried to stick to the recommended setup (as detailed in the readme) as far as possible, but I'm not comfortable with the sensitive files being accessible - hence the post.

The readme file states that the only include() that's required is the line:

<?php include(&quot;protect.php&quot;); ?>

at the top of any page that requires protecting.

The line above is modified to point to the actual location of protect.php and appears as follows:

<?php include(&quot; ?>

The file is there and has the necessary permissions, but the following error messages are being generated:

Warning: main( [function.main]: failed to create stream: No such file or directory in /home/virtual/site75/fst/var/ on line 1

Warning: main() [function.main]: Failed opening ' for inclusion (include_path='.:/php/includes:/usr/share/php') in /home/virtual/site75/fst/var/ on line 1

As you may be able to tell, I have other issues with getting this to work on the server. It works on my local IIS installation though...
 
Upvote 0 Downvote
include() cannot include URLs -- it can only include files from your server's filesystem. This is documented in the online manual:
If the absolute filesystem pathname to protect.php is &quot;/home/users/ then your include statement should read:
include (&quot;/home/users/


Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
Ahhh! Thanks sleipnir214, I'll try that :-)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Locked
  • Question Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
829
Chris Miller
Chris Miller
P
  • Locked
  • Question Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
900
Chris Miller
Chris Miller
W
  • Locked
  • Question Question
how to send checked row data in php
Replies
0
Views
596
wiltang2004
W
EdLentz
  • Locked
  • Question Question
I need a simple example of how to send a table of info .
Replies
8
Views
1K
EdLentz
EdLentz
rogerte
  • Locked
  • Question Question
How to parse associative array
Replies
13
Views
3K
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top