SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,531
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    How to Include outside Web Root?

    On my website, any web page which needs to connect to MySQL has the following code at the top of the file...
    PHP Code:
        // Connect to Database.
        
    require_once(WEB_ROOT 'private/mysqli_connect.php'); 

    Where the constant WEB_ROOT is defined in config/config.inc.php like this...
    PHP Code:
        // Website Environment
        
    define('ENVIRONMENT''development');
    //define('ENVIRONMENT', 'production');


        // Web Root
        
    define('WEB_ROOT'ENVIRONMENT === 'development'
                
    '/Users/user1/Documents/DEV/+htdocs/06_Debbie/'
                
    '/var/www/vhosts/MySite.com/httpdocs/'); 

    This code works as-is, but the problem is that I do NOT want my Database Settings in the Web Root of my Production environment!!


    So, here is what I need help with...

    1.) According to GoDaddy, I should have "root" access on my VPS, and thus be able to create directories and files outside of the Web Root.

    The syntax for my Production Web Root is like this...
    Code:
    /var/www/vhosts/MySite.com/httpdocs/

    Where should I put my Database Settings for the greatest security??


    Would this work...
    Code:
    /var/www/vhosts/MySite.com/PRIVATE/


    2.) Unfortunately, NetBeans will not let me create a directory outside of the Web Root. (Don't ask me why?!)

    This creates a problem in that I cannot have similar directory structures between Dev and Prod.

    And my goal is to either have code that works in both environments as-is, OR which can be adapted with minimal changes.

    So how should I modify my code so I can easily switch between my "Development" and "Production" environments and still point to my Database Settings?

    In Production, my Database Config file should be *outside* of the Web Root for extra security.

    In Dev, I think it is okay to keep my "private" directory which is located *inside* the Web Root.


    I can see a few ways to tackle things, but will wait to see what the gurus out there think!!

    (BTW, my entire code-base is PROCEDURAL, so please keep any recommendations in that coding style.)

    Sincerely,


    Debbie

  2. #2
    Non-Member
    Join Date
    Oct 2007
    Posts
    363
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Well firstly, you should be able to do that in Netbeans. I personally use PhpStorm, but I see no reason why Netbeans would not allow you to do this.

    There's a way you can do this without changing any code at all between environments.

    You need to use an apache environment variable. This is a variable that you setup in your apache virtual host config that is unique to each host. So for your production apache settings, you set the variable to "PRODUCTION", but for development, you can set it to "DEVELOPMENT" or whatever. You can then pickup this variable from within php, and from there you can have a case statement or whatever to determine which environment you're on, and therefore which configuration to use.

    Version 1 of the Zend Framework uses this technique.

    Here's a code snippet from the standard index.php file from ZF1:

    PHP Code:
    // Define application environment
    defined('APPLICATION_ENV')
        || 
    define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production')); 
    Here's a snippet from the apache virtual host settings:

    Code:
    <VirtualHost *:80>
      ServerName websitename.local
      DocumentRoot /vagrant/public
      SetEnv APPLICATION_ENV development
      <Directory /vagrant/public>
        DirectoryIndex index.php
        AllowOverride All
        Order allow,deny
        Allow from all
        Options FollowSymLinks
      </Directory>
    </VirtualHost>

    Notice the line "SetEnv APPLICATION_ENV development"? This is the line you need.

    From there, you can use the getenv('APPLICATION_ENV') function to return "development" or "production", and from that variable you can determine which database settings to load in your own config. This should allow you to keep your code EXACTLY THE SAME in both production and development, yet still maintain different database settings for both.

    In terms of where you should store the settings themselves - you are correct in storing them above your web root. You should be able to do this in Netbeans (could it be that you declared your project at the web root level in netbeans? If so, you may just need to create a "new" project in netbeans but just start one folder up when you set the project up).

    I would highly recommend this method, as maintaining exactly the same code base between production and development makes things a whole lot easier in general.

    Edit: I just saw this line in your own code:

    PHP Code:
        define('ENVIRONMENT''development'); 
    So basically, you could just change that to this:

    PHP Code:
        define('ENVIRONMENT'getenv('APPLICATION_ENV')); 
    So long as you set the APPLICATION_ENV variable in your apache virtual host settings, you should now have your ENVIRONMENT variable dynamically set depending on which server you are on :-)

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,531
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    aaarrrggh,

    Thanks for the reply.

    You idea sounds interesting, but I am worried it might be over my head...

    Obviously I would have posted here if I didn't want to make things better, yet I am very skiddish about trying to do anything with Linux or Apache or PHP on my Virtual Private Server, because I have NO CLUE about any of that stuff!!!

    Not saying I would try what you are suggesting, but my larger fear is that I start tinkering with Linux/Apache/Php on my VPS, don't know what I am doing, and create some major security hole?!

    (I did set up "virtual hosts" on my MacBook, so I could run different NetBeans projects on MAMP and not have to have all sorts of different code. But I have never touched anything on my VPS...)

    Not sure if I'm good enough to implement your advice...

    Sincerely,


    Debbie

  4. #4
    Non-Member
    Join Date
    Oct 2007
    Posts
    363
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    aaarrrggh,

    Thanks for the reply.

    You idea sounds interesting, but I am worried it might be over my head...

    Obviously I would have posted here if I didn't want to make things better, yet I am very skiddish about trying to do anything with Linux or Apache or PHP on my Virtual Private Server, because I have NO CLUE about any of that stuff!!!

    Not saying I would try what you are suggesting, but my larger fear is that I start tinkering with Linux/Apache/Php on my VPS, don't know what I am doing, and create some major security hole?!

    (I did set up "virtual hosts" on my MacBook, so I could run different NetBeans projects on MAMP and not have to have all sorts of different code. But I have never touched anything on my VPS...)

    Not sure if I'm good enough to implement your advice...

    Sincerely,


    Debbie
    Ok, so basically, you need to speak to your host about where your apache virtual host settings are. You should have a file somewhere, usually named after the website itself inside of "sites-available" or something like that (probably called "mysite.com" inside that directory).

    First thing to do is to make a backup of that file. Once you've done that, it means even if you mess anything up, you should be fine as you can just revert back to that file.

    Ideally you need to be ssh'ing into your machine and typing from the command line...

    Are you able to ask your host to make this change for you? Your VPS will just be using a similar apache config to the one you're running locally...

    Do you know what version of linux is running on your vps by any chance?

    Also, have you ever used ssh before? If not, perhaps now is the time to try it ;-)

    You're safe with ssh from the command line so long as you don't delete anything - if you make a backup of the file before editing, you will be fine.

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,531
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by aaarrrggh View Post
    Ok, so basically, you need to speak to your host about where your apache virtual host settings are. You should have a file somewhere, usually named after the website itself inside of "sites-available" or something like that (probably called "mysite.com" inside that directory).
    What would that file be called on my local machine (e.g. in MAMP)?

    I'm not sure, but since it is a "virtual private server", I am thinking the files should have the same names as I'd see locally in MAMP, but I could be wrong?!)


    First thing to do is to make a backup of that file. Once you've done that, it means even if you mess anything up, you should be fine as you can just revert back to that file.
    Good point!

    Here is a little more of the specifics of my situation...

    I am with GoDaddy, and have a Virtual Private Server. Currently I have Plesk on my VPS, but don't like that. I do have a live website up, but it is v1.0 and lame!!

    I am hoping to get a new VPS with GoDaddy in the next few weeks with cPanel on it. (I have heard that is both easier to use, and more robust.)

    My plan is to get this new VPS with cPanel all set up, and made more secure than what I have now, and then upload all of my my "new & improved" v2.0 website files.

    So in addition to having a way more complex website, which is actually under pretty good control, I hope/need to take this whole Server Administration thing to a new level.

    It will mean that I will need to learn how to manage the Server more so myself, and possibly use SSH, and do things like create folders outside of the Web Root. (I'm totally in over my head, but to have a *serious* and a *secure* website, I guess I have to learn this stuff?!)

    (I could pay GoDaddy to do this for me, but I need to learn this myself, although I'm terrified right now...) *teeth chattering*


    Ideally you need to be ssh'ing into your machine and typing from the command line...
    Should I start another thread on that topic? (I have LOTS of questions on it!!)


    Are you able to ask your host to make this change for you? Your VPS will just be using a similar apache config to the one you're running locally...
    For $$$, I'm sure GoDaddy can do a lot, but I think it is better if I start learning these things.


    Do you know what version of linux is running on your vps by any chance?
    I think they said CentOS 6...


    Also, have you ever used ssh before? If not, perhaps now is the time to try it ;-)
    Should I start a new thread?


    You're safe with ssh from the command line so long as you don't delete anything - if you make a backup of the file before editing, you will be fine.
    Easy for you to say!!

    Sincerely,


    Debbie

  6. #6
    Non-Member
    Join Date
    Oct 2007
    Posts
    363
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DoubleDee View Post
    What would that file be called on my local machine (e.g. in MAMP)?

    I'm not sure, but since it is a "virtual private server", I am thinking the files should have the same names as I'd see locally in MAMP, but I could be wrong?!)




    Good point!

    Here is a little more of the specifics of my situation...

    I am with GoDaddy, and have a Virtual Private Server. Currently I have Plesk on my VPS, but don't like that. I do have a live website up, but it is v1.0 and lame!!

    I am hoping to get a new VPS with GoDaddy in the next few weeks with cPanel on it. (I have heard that is both easier to use, and more robust.)

    My plan is to get this new VPS with cPanel all set up, and made more secure than what I have now, and then upload all of my my "new & improved" v2.0 website files.

    So in addition to having a way more complex website, which is actually under pretty good control, I hope/need to take this whole Server Administration thing to a new level.

    It will mean that I will need to learn how to manage the Server more so myself, and possibly use SSH, and do things like create folders outside of the Web Root. (I'm totally in over my head, but to have a *serious* and a *secure* website, I guess I have to learn this stuff?!)

    (I could pay GoDaddy to do this for me, but I need to learn this myself, although I'm terrified right now...) *teeth chattering*




    Should I start another thread on that topic? (I have LOTS of questions on it!!)




    For $$$, I'm sure GoDaddy can do a lot, but I think it is better if I start learning these things.




    I think they said CentOS 6...




    Should I start a new thread?




    Easy for you to say!!

    Sincerely,


    Debbie
    Sure, start a new thread. I'll show you something that'll help you I think... I'll introduce you to the world of virtual machines (read: a safe sandbox for you to play with) ;-)


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •