Where do i put my files?

[jonasdb]

Hello,

i have some trouble with all the folders. Where do i have to upload my web files .php etc, in which folder?
Cuz ive put it in www, but when i go to my site, then it shows index of / with all the files which i don't want!

So is it possible to put files on this server, so when u do mysite.com you don't see it so people can't steal my files???

Thanks in advance!

 

[leafypiggy]

You put them in public_html or www. They both are linked.

Any files you put there will be visable on your site.

The file you want shown upon visiting yoursite.com, you will want it to be called "index.php" (sans quotes), or whatever your extension is for the file.

 

[matthew9090]

it does that because there is no index.html or index.php because apache looks for an index or home page.

 

[leafypiggy]

I just explained that, please delete tour post.

In other news: PLEASE PLEASE PLEASE PLEASE: SECURE YOUR DATABASE CONNECTION INFO!!!

Anyone with a computer can visit a file with a name that is common to put settings in.

It's just not a good idea. I could, with the information contained in that file.

Completely destroy your whole database.

Why not search google for "how to not give direct access to a file", I'm sure you'll find an answer.

 

[jonasdb]

Ok thank you very much!

This should work isn't it?

Put into page that is including external php page:

PHP Code:
<?php
// Def Constant
define( 'parentFile' , 1 );

// Load Functions
include('includedfile.php');
?>

Put this into the 'includedfile.php' page:

PHP Code:
<?php
/**
* Check For Constant.
*/
defined( 'parentFile' ) or die( 'oh noes' );
?>

ALSO THIS!!!

if i got to mysite/secretfile.secret, then it shows the content!
Is there a way to hide that?

Thanks!

 

[leafypiggy]

Chmod it to.. I think 0646.

That should work.

 

[descalzo]

What secretfile.secret ? If it is supposed to be a php script, it has to have .php as an extension.

 

[leafypiggy]

Declazo, you can call .inc files, .class files, and others in a php script (although I think it's .Inc.php), and depending on the extension, it does certain things. For example, .inc isn't executed until called upon.

 

[descalzo]

Declazo, you can call .inc files, .class files, and others in a php script (although I think it's .Inc.php), and depending on the extension, it does certain things. For example, .inc isn't executed until called upon.

I know that. Now, what is this secretfile.secret he is talking about? I don't see it in the code he posted. Is it an included file? Is it a file that he wants to call from the web and be executed like a .php file?

 

[leafypiggy]

He had config.Inc or something in his directory. I honestly don't know what he's doing.

 

[jonasdb]

He had config.Inc or something in his directory. I honestly don't know what he's doing.

Ye, i have that, so if i chmod that and give it as name some random **** that u really can't guess like 13gETgl25Hjd35g.inc, then it would be rare that someone can access it?

 

[descalzo]

1. Name the file config.ini.php ... now try calling it from the web and Apache should run it, generating a blank page.
2. Even if you do 1) ,
a. create a directory in /home/cPanelUserName ... call it 'includes'
b. move config.ini.php there
c. use require_once( '/home/cPanelUserName/includes/config.ini.php' ) to include the file
PHP can find the file, Apache (the webserver) cannot. So your script can access it, but you cannot access it directly from the Web.

 

[jonasdb]

1. Name the file config.ini.php ... now try calling it from the web and Apache should run it, generating a blank page.
2. Even if you do 1) ,
a. create a directory in /home/cPanelUserName ... call it 'includes'
b. move config.ini.php there
c. use require_once( '/home/cPanelUserName/includes/config.ini.php' ) to include the file
PHP can find the file, Apache (the webserver) cannot. So your script can access it, but you cannot access it directly from the Web.

Ok, and do i still have to chmod it?
Thanks!

 

[descalzo]

Permissions set to 0644 should be fine.

 

[jonasdb]

Permissions set to 0644 should be fine.

Ok thank you very much!