Am I using include and hidden directories correctly? (PHP Security)

Question

justted 0 Junior Poster

15 Years Ago

Hiya,

I am still developing my website and just wanted to ask whether I am on the right track to ensuring my website coding, database connection, etc is safe.

My public directory obviously has the main pages in which the members will visit.

For example .... log_in.php is located in the public directory.

What ive done is included a hidden directory located outside the public folder so the documents here cannot be viewed directly.

For the log_in.php file I have set up the access code, located it in the include directory file and then used

<?php

include "log_in.inc.php"; 

?>

All of the php processing code is located in this file.

Is this making the website any more secure from hacking attempts or from errors accidently showing my code or am I just creating extra work for myself with no real benefit?

I have over 100 pages to separate the code and set up the include so would appreciate being told if its not worth the hours of work. lol

Also would like to know if I am supposed to put the actual php.ini file into the public directory as this would surely be a security flaw would it not????

Many Thanks

Justin

php

2 Contributors
9 Replies
152 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by justted

somedude3488 228 Nearly a Posting Virtuoso

15 Years Ago

Putting the files outside the public folder is the right thing to do.

Yes, you have to put the php.ini file in the directory, thats the only way it will work. You will need to put an .htaccess file in there too so it will disallow viewing of the php.ini file.

somedude3488 228 Nearly a Posting Virtuoso

15 Years Ago

Because php.ini files do not affect lower directories. You need to put the same php.ini file in that subdirectory as well.

somedude3488 228 Nearly a Posting Virtuoso

15 Years Ago

Probably. I usually don't use subdirectories, I have everything called from one central file.

Maybe try putting the absolute path to the directory in the php.ini file.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

justted 0 Junior Poster · Answer 1 · 2009-05-06T14:30:59+00:00

Thank you so much. lol Ive spent the last 4 hours coding it and suddenly thought I had best check to make sure its worthwhile. lol

There is a .htaccess file in the directory so do I need to edit anything or does it automatically protect the .ini extension files?

Thanks very much :)

Justin

justted 0 Junior Poster · Answer 2 · 2009-05-06T16:00:01+00:00

I am having a problem with the above work I am doing and was wondering if anyone has any idea as to how I can sort it.

As mentioned I am adding hidden directories outside of the public folder to be included in the website. I have set my php.ini file and the include file as follows:

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;

; UNIX: "/path1:/path2"
include_path = ".:../include";

This works fine for the main public directory files but when I try and include things from directories within the public folder it doesnt seem to be able to find the hidden include files.

For example...

/public/filename.php works fine
/public/directoryname/filename.php doesnt include the hidden directory.

Any ideas why this is?

Thanks

justted 0 Junior Poster · Answer 3 · 2009-05-06T16:39:59+00:00

Thanks for the reply. I did try this and still it didnt work. Would I need to change the path in the php.ini file? :/

justted 0 Junior Poster · Answer 4 · 2009-05-07T09:51:34+00:00

Hi again ...

So how do you set it all up to call from one file? Im guessing you mean the index.php for example calls all files in the directory using the include?

How would you code the page and wouldnt this cause more load on the server?

Would you use the include with php code....for example

index would have
IF($page==login)
{include "login.inc.php"}

IF($page==main.php)
{include ==main.inc.php"}

etc ....

I thought using the address bar was a little insecure?

I have tried to find the path and include it in the php.ini file and it didnt work at all ...even for the public level files. :(

justted 0 Junior Poster · Answer 5 · 2009-05-07T09:53:58+00:00

oh I forgot to say that then you would have the address as

http://site_url.com/index.php?page=login

I have over 100 pages on the site so it will be quite a big site so is this a good way of doing it? :>/

justted 0 Junior Poster · Answer 6 · 2009-05-07T16:07:33+00:00

Hiya Thanks for the help. I seem to have fixed the problem and can now access sub folders without any problems.

The solution was simple and as usual a user error. I just placed a copy of the php.ini file into the subdirectory and then instead of having the

path :../hidden_directory_name;

I simple changed the sub folder path to :../../hidden_direc...

Simple eh! lol

Thanks Again

Justin