php include - above root directory

[tillabong]

if i want to include a sensitive file like a database login, where should i place the file when i upload to x10hosting server? if my root directory is public_html/www.mywebsite.com do i place it at public_html/databaselogin folder? and how do i link to that file using php include?

thank you very much.

 

[vishal]

u can use any folder inside public_html or there itself
U can use include function in any php file to link it
For eg
<?php
include("includes/connection.php") // includes is the folder where connection.php is located
?>

 

[tillabong]

but the php include function only allows me to include files that are in my root folder which in this case is public_html/www.mysite.com. i want to store my database login above the root folderlike public_html/databaselogin for security purposes.

 

[vishal]

U mean outside the root folder i e.(www.mysite.com -root) and u wanna place databaselogin in public_htnl or wht

 

[tillabong]

yes i would like to place the file outside the root folder. and use php include to put it on my site.

 

[vishal]

Since the database login is in the root folder u should use
<?php
include("databaselogin.php") // since in root folder no path is req
?>
try this this must solve ur problem

 

[tillabong]

my root folder is public_html/mysite.com. the database login file is in public_html/databaselogin folder which is outside the root folder. so the php include you wrote wont work.

 

[vishal]

Try referring absolute path....
Is this a addon domain.

 

[tillabong]

ok i figured it out myself already. thanks anyway .

 

[marshian]

I lol'd

If you want to "secure" a script, don't put it in public_html at all, you can put it even higher than that. (eg. make a directory nonpublic_html)
As vishal2 (finally) noticed in the end, you can use absolute paths ("/home/username/public_html/script.php" for example), or perhaps easier: relative paths can do this too.
To refer to the directory above the one you're currently in, use "..".

So, if you have a script in public_html/site.com and want to refer from there to a script public_html/nonpublic/script.php, you can use

include "../nonpublic/script.php";

Edit: sorry, too late

 

[vishal]

marshian u made an important point...... good i support u

 

[misson]

If you want to make things really simple, put an init.php in ~/public_html and include it with a include_once($_SERVER['DOCUMENT_ROOT'] . '/init.php'). Within init.php, add top-level include paths:

// add ~/include/php and doc root to include path
set_include_path(get_include_path() 
        . PATH_SEPARATOR . dirname($_SERVER['DOCUMENT_ROOT']) . '/include/php'
        . PATH_SEPARATOR . $_SERVER['DOCUMENT_ROOT']);

If you want to get fancy, define a function to append to the include path:

 function addToIncludePath($path) {
    $currIncPath = get_include_path();
    if (!preg_match('#(^|' . PATH_SEPARATOR . ')'.preg_quote($path, '#').'(' . PATH_SEPARATOR . '|$)#', $currIncPath)) {
        set_include_path($currIncPath . PATH_SEPARATOR . $path);
    }
}

If you're on paid hosting, you can set auto_prepend_file (with php_value in .htaccess) to make this even easier, including init.php implicitly. At that point you can set include_path directly, but doing it in init.php means it's auto-configuring; you don't need to have a different configuration for your development and live servers.

 

[vishal]

Really helpfull misson, thks for the info

 

[tillabong]

thanks for all the help. but how do you include a file that is not under /home/user/public_html. lets says i put it in /home/user/databse folder.how do i use php include to direct the file there?

if my root folder is /home/user/public_html/mysite.com and i put my database log in file above my root site but still under public_html folder. why wont it be safe? cause my root directory is still /home/user/public_html/mysite.com and people cant access files above my root directory if they access my website right?

sorry i know thats a bit too many questions. im really new at this. hope you guys could help me out. thanks.

 

[vishal]

U can use relative path like inclued "/home/user/databse.php"
If you looking for more security u will have to begin from the first.Try using relative path it nust work

 

[tillabong]

it doesnt work.

 

[vishal]

Sorry, i will give a try to solve it and if i get i will post you

 

[Anna]

I do believe that to be able to include a file not in the public_html folder (or one of its subfolders), you'll need to use absolute path.

Should be something like: /home/cpanelusername/path/to/script/script.php

 

[vishal]

I just tried using relative path and it just working fine... I dont know why you ends up with error

 

[tillabong]

i created a folder home/user/Database and i put the database login file in that folder using php include.

include_once '/home/user/Database/db_connect.php';

and it gave this error.

include_once(/home/user/Database/db_connect.php) [function.include-once]: failed to open stream: No such file or directory