a bit of confusion re: doc_root and user_dir

royhb

a bit of confusion re: doc_root and user_dir

Post by royhb »

I have some scripts that are executed via URL (server is Apache).
I also have a PHP script that does some defines and initialises some variables that contain info about a local MySQL server (hostname, login name, password, etc.) that are required by the scripts. I 'require' the initialisation script within the user scripts.

My web server home is /var/www and the scripts live in /var/www/userdir/phpscripts.

I have placed the initialisation script at /var/initscript.

If I set doc_root to /var then I can load the init script as an include or require in the user scripts. If I set doc_root to /var/www then I can't access the init script (as expected).

The question is, what is best practice for including/requiring scripts or data files that contain sensitive data? I suspect it is unsafe to set doc_root to /var as presumably that would allow a nasty to access other files above my web root. Is there some way that I can set doc_root to /var/www while still allowing access to a specific directory or file that lives above/outside doc_root?
AbraCadaver

Re: a bit of confusion re: doc_root and user_dir

Post by AbraCadaver »

Why won't this work (works for me)? What error do you get?

/var/www/userdir/phpscripts/test.php

include("/var/initscript/init.php");
--or--

ini_set('include_path', ini_get('include_path') . ':/var/initscript');
include("init.php");
-Shawn
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
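
Added example, not part of either post: one way to keep the init script outside the web root and load it by absolute path, as the reply above does, while checking that the file is neither under the web root nor world-readable. The helper name load_init, the temp-directory layout, the sample settings and the convention that init.php returns an array are assumptions made for illustration.

```php
<?php
// Added example (not code from the thread). Paths are built in a temp dir to
// mirror the thread's layout: web root "www", settings in "initscript/init.php".

// Hypothetical helper: load the settings file only if it lies outside the web
// root and is not readable by "other" users. Assumes init.php returns an array.
function load_init(string $initFile, string $docRoot): array
{
    $init = realpath($initFile);   // resolves symlinks and ../ segments
    $root = realpath($docRoot);
    if ($init === false || $root === false) {
        throw new RuntimeException('init file or web root not found');
    }
    // A file under the web root can be requested by URL; refuse it.
    if (strpos($init, $root . DIRECTORY_SEPARATOR) === 0) {
        throw new RuntimeException("$init is inside the web root");
    }
    // World-readable credentials are exposed to every local account.
    if ((fileperms($init) & 0004) !== 0) {
        throw new RuntimeException("$init is world-readable");
    }
    $settings = require $init;
    if (!is_array($settings)) {
        throw new RuntimeException('init file must return an array');
    }
    return $settings;
}

// Constructed sample layout and credentials (placeholders, not real values).
$base = sys_get_temp_dir() . '/initdemo_' . uniqid();
mkdir("$base/www/userdir/phpscripts", 0755, true);
mkdir("$base/initscript", 0750, true);
$body = "<?php return ['host' => 'localhost', 'user' => 'app', 'pass' => 'example-only'];";
file_put_contents("$base/initscript/init.php", $body);
chmod("$base/initscript/init.php", 0640);

$db = load_init("$base/initscript/init.php", "$base/www");
echo "loaded settings for host {$db['host']}\n";

// The same file copied under the web root is refused.
copy("$base/initscript/init.php", "$base/www/userdir/init.php");
try {
    load_init("$base/www/userdir/init.php", "$base/www");
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

On a real server the 0640 mode only helps if the file's group is the one the web server runs as, so that Apache can read it while other local accounts cannot.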