I am trying to make my website more secure by placing the include file I use for connecting to the database one directory above public_html. This is the code that I use:
include dirname($_SERVER['DOCUMENT_ROOT']) . '/includeFiles/DBconnect.php';
This works fine for all of my PHP files in public_html that require access to the database. However, $_SERVER is not defined in crontab and, therefore, will not be able to access the database in the same way.
My sendEmail.php file has accessed DBconnect.php in public_html for a long time, and so this was never an issue before I became security conscious... And sendEmail.php is a file that I manually run from time to time on the web front-end AND is executed using a cron each night.
So what is the best way to include files above public_html since I can't use $_SERVER['DOCUMENT_ROOT'] as part of the path?
You could place a common "setup" file in the directory above public_html that sets this up for you. Then your web and cron tasks only need to require this file to have the common things that both contexts need initialising.
So, if you created this file (let's call it bootstrap.php, since that's a commonly understood concept)
Then have your web files and cron tasks both require the bootstrap.php file and two things happen. First, you'll have an APP_ROOT constant defined, which will provide the full system path to the directory that bootstrap.php resides in. Second, both web and cron contexts will have already included the DBconnect.php file.
If you're using objects, you should probably try to get your head around namespacing and autoloading but this at least should give you a fix for what you need right now.
The magic constant __DIR__ has the path to the directory of the current file. It is equivalent to dirname(__FILE__). Using realpath() is unnecessary in this situation, the magic constants are real paths to begin with.
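An added example, not part of the original thread or any poster's code: one way the bootstrap file described above could look, using __DIR__ so the same require works from the web front-end and from cron. The /home/example layout, the includes/DBconnect.php location and the error messages are assumptions.

```php
<?php
// bootstrap.php, stored one level above public_html (assumed layout):
//   /home/example/bootstrap.php
//   /home/example/includes/DBconnect.php
//   /home/example/public_html/sendEmail.php
//
// A script directly inside public_html loads it with:
//   require dirname(__DIR__) . '/bootstrap.php';
// That path is built from the script's own location, so it resolves the
// same way under the web server and under cron, where
// $_SERVER['DOCUMENT_ROOT'] is not set.

declare(strict_types=1);

// Absolute path of the directory that holds this file.
if (!defined('APP_ROOT')) {
    define('APP_ROOT', __DIR__);
}

$dbConnect = APP_ROOT . '/includes/DBconnect.php';

if (!is_file($dbConnect) || !is_readable($dbConnect)) {
    // Keep the full filesystem path in the server log only,
    // never in output that a browser could receive.
    error_log('bootstrap: cannot read ' . $dbConnect);

    if (PHP_SAPI === 'cli') {
        // Cron run: report on stderr and return a non-zero exit code.
        fwrite(STDERR, "bootstrap: database include is missing\n");
        exit(1);
    }

    // Web run: generic message, no path disclosure.
    http_response_code(500);
    exit('Configuration error.');
}

// Credentials stay outside the document root and are loaded once.
require_once $dbConnect;
```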
RavenVelvet, I tried to do what you suggested but it didn't turn out exactly right. I started off by creating databaseBootstrap.php and put it in a directory called "includes" one level up from public_html. Here is the content:
Then I made a file called databaseConnect.php with the code needed to connect to my test or production database and threw in some echo statements also so I could verify it in both test and prod:
if (php_sapi_name() == 'cgi-fcgi') {
    echo 'Connected to production DB.';
} else {
    echo 'Connected to test DB.';
}
Then I made another file, databaseTest.php which according to your instructions, should require the bootstrap.php:
So either I'm not understanding you, or perhaps you made a mistake in your directions? I have since copied the databaseTest.php file into several directories deep inside public_html. Each time I check the new location in the browser, it is able to successfully connect to the database.
Since everything seems to be working now by pointing to databaseConnect.php, then I am left wondering what the purpose is of databaseBootstrap.php
@busboy - the bootstrap file doesn't work because it's in the wrong location. If you did an ls in your application's root directory, where the bootstrap is meant to live in this particular example, you should see something like this.
bootstrap.php
includes/
public_html/
The line define('APP_ROOT', __DIR__); should set the APP_ROOT constant to the directory that contains both the public_html and the includes folders.
If you wanted to create the file as databaseBootstrap.php inside the includes folder, then you'd need to knock off the includes segment in the second line of the bootstrap, resulting in a file that reads like this: