How to Include outside Web Root?

On my website, any web page which needs to connect to MySQL has the following code at the top of the file…


	// Connect to Database.
	require_once(WEB_ROOT . 'private/mysqli_connect.php');

Where the constant WEB_ROOT is defined in config/config.inc.php like this…


	// Website Environment
	define('ENVIRONMENT', 'development');
	//define('ENVIRONMENT', 'production');


	// Web Root
	define('WEB_ROOT', ENVIRONMENT === 'development'
			? '/Users/user1/Documents/DEV/+htdocs/06_Debbie/'
			: '/var/www/vhosts/MySite.com/httpdocs/');

This code works as-is, but the problem is that I do NOT want my Database Settings in the Web Root of my Production environment!!

So, here is what I need help with…

1.) According to GoDaddy, I should have “root” access on my VPS, and thus be able to create directories and files outside of the Web Root.

The syntax for my Production Web Root is like this…


/var/www/vhosts/MySite.com/httpdocs/

Where should I put my Database Settings for the greatest security??

Would this work…


/var/www/vhosts/MySite.com/PRIVATE/

2.) Unfortunately, NetBeans will not let me create a directory outside of the Web Root. (Don’t ask me why?!)

This creates a problem in that I cannot have similar directory structures between Dev and Prod.

And my goal is to either have code that works in both environments as-is, OR which can be adapted with minimal changes.

So how should I modify my code so I can easily switch between my “Development” and “Production” environments and still point to my Database Settings?

In Production, my Database Config file should be outside of the Web Root for extra security.

In Dev, I think it is okay to keep my “private” directory which is located inside the Web Root.

I can see a few ways to tackle things, but will wait to see what the gurus out there think!!

(BTW, my entire code-base is PROCEDURAL, so please keep any recommendations in that coding style.)

Sincerely,

Debbie

Well firstly, you should be able to do that in NetBeans. I personally use PhpStorm, but I see no reason why NetBeans would not allow you to do this.

There’s a way you can do this without changing any code at all between environments.

You need to use an Apache environment variable. This is a variable that you set up in your Apache virtual host config that is unique to each host. So for your production Apache settings, you set the variable to “PRODUCTION”, but for development, you can set it to “DEVELOPMENT” or whatever. You can then pick up this variable from within PHP, and from there you can have a case statement or whatever to determine which environment you’re on, and therefore which configuration to use.

Version 1 of the Zend Framework uses this technique.

Here’s a code snippet from the standard index.php file from ZF1:


// Define application environment
defined('APPLICATION_ENV')
    || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));

Here’s a snippet from the Apache virtual host settings:


<VirtualHost *:80>
  ServerName websitename.local
  DocumentRoot /vagrant/public
  SetEnv APPLICATION_ENV development
  <Directory /vagrant/public>
    DirectoryIndex index.php
    AllowOverride All
    Order allow,deny
    Allow from all
    Options FollowSymLinks
  </Directory>
</VirtualHost>

Notice the line “SetEnv APPLICATION_ENV development”? This is the line you need.

From there, you can use the getenv('APPLICATION_ENV') function to return “development” or “production”, and from that variable you can determine which database settings to load in your own config. This should allow you to keep your code EXACTLY THE SAME in both production and development, yet still maintain different database settings for both.

In terms of where you should store the settings themselves - you are correct in storing them above your web root. You should be able to do this in NetBeans (could it be that you declared your project at the web root level in NetBeans? If so, you may just need to create a “new” project in NetBeans but just start one folder up when you set the project up).

I would highly recommend this method, as maintaining exactly the same code base between production and development makes things a whole lot easier in general.

Edit: I just saw this line in your own code:


    define('ENVIRONMENT', 'development'); 

So basically, you could just change that to this:


    define('ENVIRONMENT', getenv('APPLICATION_ENV')); 

So long as you set the APPLICATION_ENV variable in your Apache virtual host settings, you should now have your ENVIRONMENT variable dynamically set depending on which server you are on :slight_smile:
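One way to combine the two suggestions in this answer, as an added example that is not code from the thread: read the environment from `APPLICATION_ENV`, accept only known values, and in production refuse to load the database settings if their directory is missing or sits under the web root. The paths are the ones from the question; `PRIVATE_DIR`, `resolve_environment()` and `is_inside()` are hypothetical names introduced here.

```php
<?php
// Added example (not from the thread). Procedural, as the question asks.

// Returns 'development' or 'production'. Anything else, including an unset
// variable (getenv() then returns false), falls back to 'production'.
function resolve_environment($value)
{
    $allowed = array('development', 'production');
    return in_array($value, $allowed, true) ? $value : 'production';
}

// True when $path is $root itself or lies beneath it, after symlinks and
// ".." segments have been resolved. False if either path does not exist.
function is_inside($path, $root)
{
    $path = realpath($path);
    $root = realpath($root);
    if ($path === false || $root === false) {
        return false;
    }
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($path . DIRECTORY_SEPARATOR, $root) === 0;
}

define('ENVIRONMENT', resolve_environment(getenv('APPLICATION_ENV')));

define('WEB_ROOT', ENVIRONMENT === 'development'
    ? '/Users/user1/Documents/DEV/+htdocs/06_Debbie/'
    : '/var/www/vhosts/MySite.com/httpdocs/');

// Development keeps private/ inside the web root; production uses the
// sibling PRIVATE/ directory proposed in the question.
define('PRIVATE_DIR', ENVIRONMENT === 'development'
    ? WEB_ROOT . 'private/'
    : '/var/www/vhosts/MySite.com/PRIVATE/');

// In production, stop if the settings directory is missing or is
// reachable under the web root.
if (ENVIRONMENT === 'production'
    && (!is_dir(PRIVATE_DIR) || is_inside(PRIVATE_DIR, WEB_ROOT))) {
    error_log('Database settings directory is missing or inside the web root');
    exit('Configuration error.');
}

// Connect to Database.
require_once(PRIVATE_DIR . 'mysqli_connect.php');
```

Because an unset or unexpected `APPLICATION_ENV` resolves to production, a server missing the `SetEnv` line never picks up the development paths.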

aaarrrggh,

Thanks for the reply.

Your idea sounds interesting, but I am worried it might be over my head… :frowning:

Obviously I would have posted here if I didn’t want to make things better, yet I am very skittish about trying to do anything with Linux or Apache or PHP on my Virtual Private Server, because I have NO CLUE about any of that stuff!!!

Not saying I would try what you are suggesting, but my larger fear is that I start tinkering with Linux/Apache/PHP on my VPS, don’t know what I am doing, and create some major security hole?! :eek:

(I did set up “virtual hosts” on my MacBook, so I could run different NetBeans projects on MAMP and not have to have all sorts of different code. But I have never touched anything on my VPS…)

Not sure if I’m good enough to implement your advice… :blush:

Sincerely,

Debbie

Ok, so basically, you need to speak to your host about where your Apache virtual host settings are. You should have a file somewhere, usually named after the website itself inside of “sites-available” or something like that (probably called “mysite.com” inside that directory).

First thing to do is to make a backup of that file. Once you’ve done that, it means even if you mess anything up, you should be fine as you can just revert back to that file.

Ideally you need to be ssh’ing into your machine and typing from the command line…

Are you able to ask your host to make this change for you? Your VPS will just be using a similar Apache config to the one you’re running locally…

Do you know what version of Linux is running on your VPS by any chance?

Also, have you ever used ssh before? If not, perhaps now is the time to try it :wink:

You’re safe with ssh from the command line so long as you don’t delete anything - if you make a backup of the file before editing, you will be fine.

What would that file be called on my local machine (e.g. in MAMP)?

I’m not sure, but since it is a “virtual private server”, I am thinking the files should have the same names as I’d see locally in MAMP, but I could be wrong?!

> First thing to do is to make a backup of that file. Once you’ve done that, it means even if you mess anything up, you should be fine as you can just revert back to that file.

Good point!

Here is a little more of the specifics of my situation…

I am with GoDaddy, and have a Virtual Private Server. Currently I have Plesk on my VPS, but don’t like that. I do have a live website up, but it is v1.0 and lame!!

I am hoping to get a new VPS with GoDaddy in the next few weeks with cPanel on it. (I have heard that is both easier to use, and more robust.)

My plan is to get this new VPS with cPanel all set up, and made more secure than what I have now, and then upload all of my “new & improved” v2.0 website files.

So in addition to having a way more complex website, which is actually under pretty good control, I hope/need to take this whole Server Administration thing to a new level. :eek:

It will mean that I will need to learn how to manage the Server more so myself, and possibly use SSH, and do things like create folders outside of the Web Root. (I’m totally in over my head, but to have a serious and a secure website, I guess I have to learn this stuff?!)

(I could pay GoDaddy to do this for me, but I need to learn this myself, although I’m terrified right now…) teeth chattering

> Ideally you need to be ssh’ing into your machine and typing from the command line…

Should I start another thread on that topic? (I have LOTS of questions on it!!)

> Are you able to ask your host to make this change for you? Your VPS will just be using a similar Apache config to the one you’re running locally…

For $$$, I’m sure GoDaddy can do a lot, but I think it is better if I start learning these things.

> Do you know what version of Linux is running on your VPS by any chance?

I think they said CentOS 6…

> Also, have you ever used ssh before? If not, perhaps now is the time to try it :wink:

Should I start a new thread? :wink:

> You’re safe with ssh from the command line so long as you don’t delete anything - if you make a backup of the file before editing, you will be fine.

Easy for you to say!! :stuck_out_tongue:

Sincerely,

Debbie

Sure, start a new thread. I’ll show you something that’ll help you I think… I’ll introduce you to the world of virtual machines (read: a safe sandbox for you to play with) :wink: