
What is in your index.php?

Posted: Sun Sep 04, 2011 12:17 am
by eazyGen
An open question this, and one that may or may not bear fruit. But here we go anyway.

index.php is a special case I feel because it is often the default script that is called for a web site. Moreover, I keep mine in the freely available root directory, but the rest of my php is out of the root for security purposes - in a directory called "lib".

The app I am working on at the present time requires that a user logs on first. So, the code I have in my index.php is very simple:

Code:

<?php

/* Require Log In */

require("lib/ezLogin.php");

?>
This at least is what I have presently. So I have a few questions:

1. Is treating index.php as a special case a reasonable approach, would you say?
2. Is the separation of the rest of the non-client php files a real security improvement?
3. When you declare the css path, do you use absolute path names? If so, how might it be done so it will work on local (testing) AND the main server (production) with no code change?
4. includes_path - I assume this is the path to the includes directory. However, I am not sure/happy/comfortable with this just yet. Can more than one path be included in this? (I have Googled around but still unhappy) If so, how so? Does this approach work across platforms? If not, is there a way to make it?

Many thanks for any help.

S

Re: What is in your index.php?

Posted: Sun Sep 04, 2011 1:33 am
by flying_circus
eazyGen wrote:
> This at least is what I have presently. So I have a few questions:
>
> 1. Is treating index.php as a special case a reasonable approach, would you say?
> 2. Is the separation of the rest of the non-client php files a real security improvement?
> 3. When you declare the css path, do you use absolute path names? If so, how might it be done so it will work on local (testing) AND the main server (production) with no code change?
> 4. includes_path - I assume this is the path to the includes directory. However, I am not sure/happy/comfortable with this just yet. Can more than one path be included in this? (I have Googled around but still unhappy) If so, how so? Does this approach work across platforms? If not, is there a way to make it?
>
> Many thanks for any help.
>
> S

1. No, I too use the index.php as the only exposed webpage. This is a common approach and the technique is sometimes referred to as a front controller. I direct my index.php to the home page though, whatever is supposed to display by default, as this is what users and search engines would expect to find.

2. I think so. The fewer scripts publicly exposed, the better you can take control over what is happening, IMO.

3. I either use a global variable in a config file to declare the http root uri, otherwise I use relative paths. Either method is acceptable, but I find the config file makes things easier to restructure in the future. Actually, I define a few paths in my config file, such as the http root, script (js) root, style root, image root, etc. Then in my code I can simply do a src="<?php print IMAGE . 'menu_background.png';?>".

4. I suppose you can use the php include_path but I never liked it. I figure that as long as I am at somebody else's mercy for maintaining the server, such as in shared hosting, if they change the value, my script breaks. If I use a config file as described above, I have complete control.
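
An added illustration of the config-file approach described in the reply above (not code from either poster): one index.php in the web root that derives the URL roots at run time so the same file works on a local test box and in production, locates the private code without relying on include_path, and dispatches only to known pages. The host names, the `page` parameter, `home.php`, the directory names and every constant except `IMAGE` are assumptions, as is the layout with `lib` one level above the web root.

```php
<?php
// index.php: the only script inside the document root (constructed example).

// Hosts this app answers to. HTTP_HOST is client-supplied, so it is matched
// against this list instead of being copied into URLs. Placeholder values.
const ALLOWED_HOSTS = ['localhost', 'localhost:8080', 'www.example.com'];

function http_root(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0];          // fall back to a known-good host
    }
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    // Directory part of the script URL, so the app also works from a subfolder.
    $dir = str_replace('\\', '/', dirname($server['SCRIPT_NAME'] ?? '/'));
    return ($https ? 'https' : 'http') . '://' . $host . rtrim($dir, '/') . '/';
}

define('HTTP_ROOT', http_root($_SERVER));
define('STYLE',  HTTP_ROOT . 'css/');
define('SCRIPT', HTTP_ROOT . 'js/');
define('IMAGE',  HTTP_ROOT . 'images/');

// Absolute filesystem path to the private code, resolved from this file's
// location, so a changed include_path on shared hosting cannot break it.
define('LIB', dirname(__DIR__) . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR);

// Front controller: the requested page is looked up in a fixed map and never
// concatenated into a path, so a request cannot select an arbitrary file.
const PAGES = ['home' => 'home.php', 'login' => 'ezLogin.php'];

$page = $_GET['page'] ?? 'home';
if (!is_string($page) || !array_key_exists($page, PAGES)) {
    http_response_code(404);
    exit('Not found');
}
require LIB . PAGES[$page];
```

Templates loaded this way can then build asset URLs from the constants, for example `<?php print STYLE . 'main.css'; ?>`.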

Re: What is in your index.php?

Posted: Sun Sep 04, 2011 5:01 am
by eazyGen
flying_circus wrote:
> eazyGen wrote:
> > This at least is what I have presently. So I have a few questions:
> >
> > 1. Is treating index.php as a special case a reasonable approach, would you say?
> > 2. Is the separation of the rest of the non-client php files a real security improvement?
> > 3. When you declare the css path, do you use absolute path names? If so, how might it be done so it will work on local (testing) AND the main server (production) with no code change?
> > 4. includes_path - I assume this is the path to the includes directory. However, I am not sure/happy/comfortable with this just yet. Can more than one path be included in this? (I have Googled around but still unhappy) If so, how so? Does this approach work across platforms? If not, is there a way to make it?
> >
> > Many thanks for any help.
> >
> > S
>
> 1. No, I too use the index.php as the only exposed webpage. This is a common approach and the technique is sometimes referred to as a front controller. I direct my index.php to the home page though, whatever is supposed to display by default, as this is what users and search engines would expect to find.

Funnily enough, I switched the "Require" in my code to a re-direct (Location statement) this very morning and found immediate relief.

> 2. I think so. The fewer scripts publicly exposed, the better you can take control over what is happening, IMO.

This would seem sound to me.

> 3. I either use a global variable in a config file to declare the http root uri, otherwise I use relative paths. Either method is acceptable, but I find the config file makes things easier to restructure in the future. Actually, I define a few paths in my config file, such as the http root, script (js) root, style root, image root, etc. Then in my code I can simply do a src="<?php print IMAGE . 'menu_background.png';?>".

Thank you for that pointer. I have a feeling it may come in very handy indeed.

> 4. I suppose you can use the php include_path but I never liked it. I figure that as long as I am at somebody else's mercy for maintaining the server, such as in shared hosting, if they change the value, my script breaks. If I use a config file as described above, I have complete control.

Once again, this looks like sound practice.

Hi Flying_Circus.

Thanks very much for your time and thoughts. You are helping me to cut through a lot of theory and research to alight upon what seem like sound and extremely useful good practices.

I am grateful to you.

S