DJCMBear Posted January 20, 2010 Share Posted January 20, 2010 Hi im trying to create an application section to my site, but I dont want the application developer to be able to require a file outside their folder when they require or include a file in their folder. So if a user created an application and created a file and put require('../index.php'); in the root dir and lets say that went to the main sites home i would want an error to show saying you cant require a page outside their root dir and not show that page. The file system would be like the index.php page which holds the codes that will show the application, and a folder called app-files and in the app-files folder it would have a folder for each app so if there was an app called free-codes the the path to that app would be '/app-files/free-codes/[path-to-files-user-has-creaded]' etc. So basicly the users app folder inside the app-files folder would be their base dir and you can't access anything outside that. If anyone knows of anyway I could do this please reply, Thank You. Quote Link to comment Share on other sites More sharing options...
Cardale Posted January 20, 2010 Share Posted January 20, 2010 Depending on which web server you use probably apache you would need to look there. Probably setting up a virtual server. Thats what I would do. Quote Link to comment Share on other sites More sharing options...
Sesquipedalian Posted January 20, 2010 Share Posted January 20, 2010 I agree with Cardale. If somehow you can't do that, however, you could use Regex and check if the URL has something like ../something.php. Quote Link to comment Share on other sites More sharing options...
DJCMBear Posted January 20, 2010 Author Share Posted January 20, 2010 Thanks for the replys they are helpfull however im not using my own server and my server wont do something for just one user so i cant go through the server, I was thinking about .htaccess cus i use them files alot but i dont know if/how i could write something in that to let the server think thats the root folder and from what i know you cant access anything outside the root without telling your server that which mine hasnt. If someone knows a php or .htaccess code/function how i can do this then please feel free to tell me, thank you. Quote Link to comment Share on other sites More sharing options...
Cardale Posted January 21, 2010 Share Posted January 21, 2010 .ht might work. Don't know never really use them for anything. They have reseller accounts for pretty cheap if you are reselling web space. Quote Link to comment Share on other sites More sharing options...
DJCMBear Posted January 22, 2010 Author Share Posted January 22, 2010 ill make a php script so when a user creates a new app then the folder gets created and then a .ht file is written into it with the root codes in it sounds ok, i just have to figure out how i can write the root code now lol thanks for the help =) Quote Link to comment Share on other sites More sharing options...
DJCMBear Posted January 22, 2010 Author Share Posted January 22, 2010 I was just wondering if i used .ht to make the server think the folder its in is the root of the site would PHP requests such as require and include still allow users to include pages outside the folder or because the server thinks the folder is the root then they will not include pages outside that folder? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.