1

I am on a shared host and do not have access to the php.ini or apache config files. I have PHP class files stored outside webroot that I need to access with HTML and I know that

<form action="../../classes/someclass.php" method="post">

will not work.

What kind of PHP script would I have to write to be able to access these files?

Monica
  • 1,585
  • 3
  • 23
  • 34
  • 1
    You cannot. If you want something to be available - why don't you just put it under webroot – zerkms May 07 '13 at 02:07
  • I can't create a PHP script to do this? – Monica May 07 '13 at 02:08
  • 1
    explain the original task – zerkms May 07 '13 at 02:08
  • I want to create a PHP script to use with HTML so that I can access files stored outside of webroot. – Monica May 07 '13 at 02:09
  • 1
    it's not a task, it's a solution. Explain WHY you need that. Explain why you cannot just put all your files under webroot – zerkms May 07 '13 at 02:10
  • Why would I? There is secure data in the PHP files. EDIT: even if I did, I still store the dbconnect.php file (that contains DB credentials) outside webroot. – Monica May 07 '13 at 02:11
  • 1
    it doesn't explain anything. So? You want to serve them to the client. Does it matter if you are serving it from webroot or from a directory a level upper? Again, **WHAT** are you trying to do? – zerkms May 07 '13 at 02:11
  • Why are you not just doing `
    ` and inside `myfile.php` you do this `` [docs](http://us3.php.net/manual/en/function.include.php)
     – kittycat May 07 '13 at 02:16
  • I don't need users to see my classes. They don't need to be served, just implemented. – Monica May 07 '13 at 02:16
  • @NojoRu: "They don't need to be served" != "How can I access files outside webroot within an HTML tag?". In your question you're asking how to access something that's above webroot. Now you're saying you don't want that. Hold your breath and rewrite the question so that it expressed your real intentions – zerkms May 07 '13 at 02:16
  • Why would a user see the content of a PHP file when it's being served? It'll just be parsed and the end user will see an empty result. Big deal. That's why @zerkms is asking all these pesky questions - you're implementing a solution to a non-existent problem. – Niels Keurentjes May 07 '13 at 02:17
  • In a shared hosting environment, you will find that you have restrictions that will limit you to your webroot. – raidenace May 07 '13 at 02:17
  • @Raidenace not true, in most hosting environments like DirectAdmin and Plesk you can access your entire `home` folder, not just the webroot. – Niels Keurentjes May 07 '13 at 02:18
  • @Raidenace: uhm, that depends. I have never seen such a terrible hosting to be honest ) – zerkms May 07 '13 at 02:18
  • @Niels there isn't a problem. I just don't want my classes stored inside webroot. They don't need to be in webroot. This is a very common practice. – Monica May 07 '13 at 02:19
  • @NojoRu: the very common practice - is to have them above webroot (right) and **never** access them directly (this is where you're missing your point). – zerkms May 07 '13 at 02:20
  • I've never done it in years of professional webdevelopment (not counting centrally installed frameworks or libraries). Nor have I ever met a professional webdeveloper that did it. I would like to read more about how this is 'common practice'. – Niels Keurentjes May 07 '13 at 02:20
  • I created a directory called 'www' and made that my webroot so that I could store files outside of it. Then I made the domain redirect to that 'www' directory. – Monica May 07 '13 at 02:20

2 Answers2

3

You would need to write a controller or proxy that's accessible and will route the request down to the desired class.

/someclassproxy.php

Inside that script you would have:

require '../../classes/someclass.php';

However, it's not common practice to have internal classes handle requests directly. Rather, the controller should use the class to handle the request.

Ja͢ck
  • 170,779
  • 38
  • 263
  • 309
  • +1 to save from having -1, but still - we'd better solved the real issue – zerkms May 07 '13 at 02:19
  • @zerkms Thanks. You have a point there, so I've added a small paragraph covering the potential issues of using an internal class as a controller. – Ja͢ck May 07 '13 at 02:28
1

You can't POST to nested files, but you can access files within your designated shared directory.

So suppose you have access to home/var/www/ or something like that. and have NO access above www.

You might have your site within a directory on that level, so your site would be at 

home/var/www/yoursite

Now, suppose you had a file called config.php in the www folder. Suppose you ALSO have a file called post.php in the yoursite folder.

post.php can easily include config.php:

<?php 
include('../config.php');

?>

but obviously you cannot post to config.php because it is above the site's designated directory.

HOWEVER -

I don't think this is news to you. I'm not sure I understand your problem 100% since you seem to know enough to know you can access files with include...

Maybe I just don't get your question. Feel free to clarify any more than you think you already have. Or at least explain why you can't use a basic include

Kai Qing
  • 18,793
  • 5
  • 39
  • 57
  • I guess I could use an include, but the way I was taught PHP was to put PHP class files outside of webroot. – Monica May 07 '13 at 02:22
  • that's what I'm saying here, except that PHP does NOT have to be outside web root. That's illogical. But config files or sensitive things, sure – Kai Qing May 07 '13 at 02:23
  • However, if you're saying you want ALL php above web root, then I agree with niels. There's no reason to believe this since, as mentioned somewhere in the comments, this is standard and common practice to have all relevant php files within web root. I think you would have a hard time finding a tutorial that says otherwise – Kai Qing May 07 '13 at 02:25
  • @KaiQing: Any PHP file that should never be accessed by a visitor be it a DB config file or a class file I always put outside of webroot. No need to have those accessible if their is no legitimate reason for a visitor to access them. I then include those files as needed. I mean that's how I was told it should be done. – kittycat May 07 '13 at 02:26
  • @cryptic - yeah I agree. The third comment in this question supports that notion. – Kai Qing May 07 '13 at 02:27
  • Apart from config and password files, there's just no need to. It's not like Wordpress, Joomla, Drupal, Symfony2 or all those other big PHP projects out there do it, so I'm curious where this 'common practice' comes from. For packages sure, nice to put it centrally in `/etc`, but otherwise - just protect your system folder with `deny from all` in the `.htaccess` file and you're secure. Even if someone bypasses that the files will show empty in a browser, and once they bypass that you've got bigger issues, like a hacker with local filesystem access. – Niels Keurentjes May 07 '13 at 02:29
  • My fault. I know that dbconnect.php should be outside webroot, and for whatever the reason my mind said "ALL the PHP files." I just stuck the classes in webroot and called it done. Sorry for all the trouble. – Monica May 07 '13 at 02:39