3

I'm following this tutorial to create a safe login system. My folder logic is as follows:

/var/www/html/mysite/ # html folder is public (here goes index.php, etc)
/var/www/includes/    # includes is hidden (login details, etc)
/var/www/js/          # js is also hidden, as stated on the tutorial

When I say "as stated on the tutorial", I refer to this passage:

Store your copy of this file in a directory called "js", off the root directory of the application.

Did I interpret it right? Should js folder be inside html, instead of www? What's the difference? In my code, I have lines like:

include_once '../../includes/db_connect.php';
include_once '../../includes/functions.php';

and

<script type="text/JavaScript" src="../../js/sha512.js"></script> 
<script type="text/JavaScript" src="../../js/forms.js"></script>

While the php includes work nice, the javascript ones don't. Firefox inspector is complaining:

GET http://localhost/js/sha512.js         [HTTP/1.1 404 Not Found 0ms]

Why is it considering that my js folder is inside html folder, and not where I'm telling it?

Rodrigo
  • 4,706
  • 6
  • 51
  • 94
  • `..` depends on the file location of the file it's used in. It looks like your HTML file is inside the `html` folder, and hence going back twice leads you to the root and not to `www`. Although for a devident answer you are going to need to show us where that HTML file and PHP file is in your directory. – Spencer Wieczorek Oct 21 '15 at 18:34
  • use absolute path: instead of `../../js/forms.js` use `/var/www/js/forms.js` if /is the root of your server. – Ayush Gupta Oct 21 '15 at 18:37
  • The file location is /var/www/html/mysite/, so the ../../ is right, just like for the php includes. – Rodrigo Oct 21 '15 at 18:37
  • @Rodrigo try giving the absolute path with respect to root of your server. – Ayush Gupta Oct 21 '15 at 18:38
  • @Rodrigo That doesn't mean it's right. Especially if your HTML file and PHP file are in different locations. – Spencer Wieczorek Oct 21 '15 at 18:38
  • What's intriguing me is why php files can go off the public folder, but not the javascript files? – Rodrigo Oct 21 '15 at 18:43

2 Answers2

4

I would try putting the JS inside of the html folder and linking to it like this. <script type="text/JavaScript" src="js/forms.js"></script>

lostPixels
  • 1,303
  • 9
  • 23
3

If the www folder is the root directory (i.e. the folder used for http://your-url/) then you can do the following:

<script src="/js/sha512.js"></script> 
<script src="/js/forms.js"></script>

The leading / says "start at the root of the website".

If the html folder is your root directory, you'll need to move the js folder into the html folder - and you can still use the script tags shown above.

JavaScript files are requested by the browser, and the folders outside the root of your website are forbidden to the general public. Your PHP files are loaded on the server, which means you are able to see files the general public does not have access to.

Fenton
  • 241,084
  • 71
  • 387
  • 401
  • html is my public folder, visible as localhost (development yet). The question is, why do the server "finds" the php files outside the public folder, but not the javascript files? – Rodrigo Oct 21 '15 at 18:41
  • 1
    I added a paragraph for this. You can reach the PHP files from the server, but not from a browser. JavaScript files are requested by the browser, which will only be allowed to see files you have made public (by putting them inside the web root folder). – Fenton Oct 21 '15 at 18:45