Jump to content

Recommended Posts

I am developing a CMS for my clients where the login to administrate their website is through my own website. This unified back-end allows me to develop the functionality and user experience without the issue of updating each site manually with the new files or running a complicated macro etc and then uploading them all individually too.

 

I would also like to combine as much of the "client side" CMS code too, i.e. as many of the php files that are stored on the clients website as possible.

 

All of the websites (and the backend website) are located on the same VPS, running PHP V5.3, allow_url_include is not available, I could have it turned on but this causes security issues if I understand correctly?

 

I figure my main options are:

 

- Turn on allow_url_include and just include via IP/Domain.

 

- Use a FTP system similar to the way Wordpress allows remote install of plugins and system updates.

 

or

 

- Include the files using a different /home/username/cmsincludes/ path? Is it possible to use another VPS account to include from? I have tested and it gives me a "failed to open stream" error.

Example:

 

Client xyz Website

Website located: /home/xyz/public_html/

CMS Included: /home/mainsite/cms/

 

Client 123 Website

Website located: /home/123/public_html/

CMS Included: /home/mainsite/cms/

 

Client xxx Website

Website located: /home/xxx/public_html/

CMS Included: /home/mainsite/cms/

allow_url_include is unsafe and should never be used; allow_url_fopen is the "safe" one that should be enabled. Just to put that out there.

 

Using something to automatically update (via FTP or whatever) is the best option, but it can take a while to set up a good system.

Short of that, my suggestion is to "copy" the CMS for each client, but for the files that you want shared what you actually copy are a bunch of links* pointing back to the originals. Thus you can keep include()ing the same files. When you need to customize files you remove the links, copy the files, and make your changes.

 

You need to make sure file permissions are set up on the originals so that anybody can read them - that could be the problem you have now. 0644 on regular files, 0755 on directories.

 

* Symbolic. There's a chance that PHP will realize they're symbolic and take special actions (I don't know but I wouldn't expect it); those actions may screw up the whole idea, in which case you'd need hardlinks instead.

You need to make sure file permissions are set up on the originals so that anybody can read them - that could be the problem you have now. 0644 on regular files, 0755 on directories.

 

Wow now I feel silly...

 

I have just tested using the server urls and it works once the directory has permissions set. I tested HTML output, PHP functions and a PHP variable, it seems to work perfectly.

 

Thank you.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.