Why don’t you just use a real web host? I pay $5 a month for my hosting package and it is great. These offers of free hosting are typically very limited in terms of what you can do on the hosting account such as making configuration changes. They are usually more trouble than they are worth.
Why not use dirname(FILE) to let PHP figure the path out itself, and then use $_SERVER[‘HTTP_HOST’] to figure out the BASE_URL ?
Makes live a lot easier.
What I mean is, instead of your code you can also use
<?php
// Build Date: 2011-12-17 1:15pm
// Website Environment
define('ENVIRONMENT', 'development');
//define('ENVIRONMENT', 'production');
// Web Root (aka Document Root) (**Physical Location)
define('WEB_ROOT', dirname(__FILE__)); // if on PHP >= 5.3 you can use __DIR__ instead of dirname(__FILE__)
// we need this value twice, so let's store it
$url = $_SERVER['HTTP_HOST'].'/';
// Base URL (**Virtual Location)
define('BASE_URL', 'http://'.$url);
// Secure Base URL (**Virtual Location)
define('SECURE_BASE_URL', 'https://'.$url);
// $url is no longer needed, trash it
unset($url);
?>
That way you can always keep this file the same and never have to worry about anything; just let’s PHP figure it out for itself.
Yes. None of the used data is user generated. Except maybe $_SERVER[‘HTTP_HOST’] which is supplied by the browser, but only works if there is indeed a valid value in there. Besides, if a user gets to spoof it somehow all they will get is broken links; doesn’t hurt anyone.
You can put it anywhere you like. If you want it one directory “up” from the current file, you can do that too
// Web Root (aka Document Root) (**Physical Location)
define('WEB_ROOT', realpath(dirname(__FILE__).'/../'); // if on PHP >= 5.3 you can use __DIR__.'/../' instead of dirname(__FILE__).'/../'
My usual setup is I have an index.php and assets (js, css, images) in the web root (some call it htdocs, some httpdocs, others public_html, etc), and then the app itself is one dir “up” from that, so it’s not web accessible. Doesn’t need an .htaccess to protect it either, you just can’t get there.
Of course not all hosts allow for this kind of setup, but if they do I can strongly recommend it.
My usual setup is I have an index.php and assets (js, css, images) in the web root (some call it htdocs, some httpdocs, others public_html, etc), and then the app itself is one dir “up” from that, so it’s not web accessible. Doesn’t need an .htaccess to protect it either, you just can’t get there. Of course not all hosts allow for this kind of setup, but if they do I can strongly recommend it.
When you say “and then the app itself is one dir “up” from that”, what are you calling your “app”??
‘/…/’ means “one directory up”. For example if your php file is in /a/b/c/d/e/ and in that file you refer to dirname(FILE), you’re referring to /a/b/c/d/e/, but when you use dirname(FILE).‘/…/’ you are referring to /a/b/c/d/
Just create a simple demo script for yourself and toy with it a bit. It’s pretty easy to digress though a bit hard to explain. I use realpath() to tell PHP to actually use /a/b/c/d/ instead of /a/b/c/d/e/…/ and having to resolve what that means every time I reference it. Also, realpath() resolves symbolic links if it needs to, though that is outside the scope of this this thread.
What I mean with my ‘app’ is all the php files that do the internal workings of the website. This of course depends on your setup, but on my sites evertyhing is served through index.php, and that is the only file that is “exposed to the public”. The advantage of this is that people can never get to my php files, also when I forget an .htaccess to deny all, because Apache simply can’t serve those files. Or if someone decides to set AllowOverride to none in the main httpd.conf and .htaccess files don’t work anymore, I still don’t have a problem (okay sure, my site won’t work anymore because I heavily rely on mod_rewrite in the .htaccess, but at least people still can’t get to any of my php files).
What I mean with my ‘app’ is all the php files that do the internal workings of the website. This of course depends on your setup, but on my sites evertyhing is served through index.php, and that is the only file that is “exposed to the public”. The advantage of this is that people can never get to my php files, also when I forget an .htaccess to deny all, because Apache simply can’t serve those files. Or if someone decides to set AllowOverride to none in the main httpd.conf and .htaccess files don’t work anymore, I still don’t have a problem (okay sure, my site won’t work anymore because I heavily rely on mod_rewrite in the .htaccess, but at least people still can’t get to any of my php files).
Is it really insecure to have all of my files in my Document Root - short of DB Access Files?
(I’m not an advanced enough programmer to be using a “Templating System” like you have…)
BTW, is my original way of doing things in my Config File still okay? (It is more manual, but seems to work so far?!)
Finally, can you recommend any other Free Web Hosting site that offer…
