Jump to content
imgrooot

Is there a proper way to set this up?

Recommended Posts

Say I have two areas of a website. 

1 - root directory (index, sign up, sign in)

2 - folders (this would contain folders such as snippets, members, assets)

Due to the nature of the folders, the links cannot be the same as they are on the pages in the root directory. Index page for example.  So if I'm on members/dashboard.php, any a links linking to index.php, will have to have "../" in front of them. To solve the issue, my current set up is like this. But I understand it's not the most efficient way to do this. I was wondering if you can share your expertise for a better method.

$currentPage = basename($_SERVER['PHP_SELF'], ".php");

<?php if($currentPage == 'index' || $currentPage == 'members') { ?>

	<!DOCTYPE HTML>
	<head>
		<meta charset="UTF-8">
		<title></title>
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="description" content="">
		<link rel="shortcut icon" href="images/favicon.ico.png">
		<link href="css/screen.css" media="screen" rel="stylesheet" />
	</head>
	<body>
    <a href="index">
      <img src="images/logo.PNG" alt="logo" />
    </a>
  </body>

<?php } else { ?>  

  <!DOCTYPE HTML>
  <head>
    <meta charset="UTF-8">
    <title></title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="description" content="">
    <link rel="shortcut icon" href="../images/favicon.ico.png">
    <link href="../css/screen.css" media="screen" rel="stylesheet" />
  </head>
  <body>
    <a href="../index">
      <img src="../images/logo.PNG" alt="logo" />
    </a>
  </body>

<?php } else { ?>  

 

Share this post


Link to post
Share on other sites

The better method is to have a single point of entry, eliminating duplicate code and not using the XSS vulnerable $_SERVER['PHP_SELF']

 

Share this post


Link to post
Share on other sites

Use absolute URLs

<link rel="shortcut icon" href="/images/favicon.ico.png">
<a href="/index">
<img src="/images/logo.PNG" alt="logo" />

I don't understand how so many people can be unaware of them.

  • Like 2

Share this post


Link to post
Share on other sites
5 hours ago, requinix said:

Use absolute URLs


<link rel="shortcut icon" href="/images/favicon.ico.png">

<a href="/index">

<img src="/images/logo.PNG" alt="logo" />

I don't understand how so many people can be unaware of them.

I'm sorry but your post does not show how to get an absolute URL. I did some digging and found one of the posts here. https://stackoverflow.com/questions/6511496/how-to-generate-absolute-url-path-to-a-script-file

I will try the absolute URLs based on their examples.

Share this post


Link to post
Share on other sites

@imgrooot, your example code doesn't show any need to generate an absolute URL, at least not dynamically.  You'd just replace your URL's with absolute versions as demonstrated by requinix.  The absolute URL's don't change based on the location of the script because you're always referencing from the root of the website rather than the current script's location.

If you think you need to somehow dynamically generate an absolute URL then you'll need to expand on why you think that is and the details of your situation.

Share this post


Link to post
Share on other sites

Generate a URL???  Just put the url you need (as demonstrated by Requinix) in place of the relative ones you are putting there now that are NOT being generated.

Share this post


Link to post
Share on other sites
On 1/25/2019 at 9:45 PM, kicken said:

@imgrooot, your example code doesn't show any need to generate an absolute URL, at least not dynamically.  You'd just replace your URL's with absolute versions as demonstrated by requinix.  The absolute URL's don't change based on the location of the script because you're always referencing from the root of the website rather than the current script's location.

If you think you need to somehow dynamically generate an absolute URL then you'll need to expand on why you think that is and the details of your situation.

 

Here is my setup for the absolute URL. The normal a links seem to work fine and so are the includes/requires. But the scripts  in the HEAD section of the site don't seem to load, even though the path is correct.  

define('PROJECT_ROOT', dirname(dirname(__FILE__)));
$root_dir = PROJECT_ROOT;

// THIS WOULD GET ME THE ROOT DIRECTORY OF MY SITE 
C:\xampp\htdocs\mysite

// IF I INCLUDE IT IN THESE FILES 
<link href="<?php echo $root_dir; ?>/css/screen.css" media="screen" rel="stylesheet" />
<script src="<?php echo $root_dir; ?>/javascripts/jquery.js"></script>

// I GET THIS ERROR IN THE INSPECT ELEMENTS WINDOW
Not allowed to load local resource: file:///C:/xampp/htdocs/mysite/css/screen.css
Not allowed to load local resource: file:///C:/xampp/htdocs/mysite/javascripts/jquery.js

// IF USE RIGHT CLICK AND SEE THE PAGE SOURCE, THE PROJECT ROOT SLASHES ARE BACKWARDS LIKE THIS 
<link href="C:\xampp\htdocs\mysite/css/screen.css" media="screen" rel="stylesheet" />
<script src="C:\xampp\htdocs\mysite/javascripts/jquery.js"></script>

 

So what do you think is going on?

Edited by imgrooot

Share this post


Link to post
Share on other sites

What I think is going on? You really don't want me to answer that question. Let's just say your solution is wrong.

"Absolute URL" here means a leading slash. That's it. That is all you... deep breath... All you need is the leading slash, like I showed in that post. Really.

You made this thread almost three days ago now. I gave you the answer in the first hour. There's no reason we should still be here.

Share this post


Link to post
Share on other sites
2 hours ago, requinix said:

What I think is going on? You really don't want me to answer that question. Let's just say your solution is wrong.

"Absolute URL" here means a leading slash. That's it. That is all you... deep breath... All you need is the leading slash, like I showed in that post. Really.

You made this thread almost three days ago now. I gave you the answer in the first hour. There's no reason we should still be here.

I get what you're saying but your method of leading slash doesn't work. For e.g.

// CURRENT PAGE LOCATION: mysite/members/dashboard.php

// YOUR METHOD
<a href="/index">LINK</a>

// RESULT 
localhost/index

// WHAT I WANT IS
localhost/mysite/index

// I CAN ONLY GET THAT IF THE URL IS LIKE THIS
<a href="../index">LINK</a>

Maybe I'm just not getting your leading slash. Please do explain what I am doing wrong.

Share this post


Link to post
Share on other sites

Rather than absolute URL some people refer to these as domain relative URL's.  Essentially when you begin the url with a / you are specifying the full path from the root domain name.  If you want to link to localhost/mysite/index then you use <a href="/mysite/index">.

If you want the /mysite part to be changeable (say if you had an app you could drop into any folder on the site) then the easiest thing to do is to simply make it a configuration option in the application, for example:

config.php:

define('APP_PREFIX', '/mysite');

header.php:

<?php include('config.php'); ?>
<link href="<?=APP_PREFIX?>/css/screen.css" media="screen" rel="stylesheet" />
<script src="<?=APP_REFIX?>/javascripts/jquery.js"></script>

 

Share this post


Link to post
Share on other sites
5 hours ago, kicken said:

Rather than absolute URL some people refer to these as domain relative URL's.  Essentially when you begin the url with a / you are specifying the full path from the root domain name.  If you want to link to localhost/mysite/index then you use <a href="/mysite/index">.

If you want the /mysite part to be changeable (say if you had an app you could drop into any folder on the site) then the easiest thing to do is to simply make it a configuration option in the application, for example:

config.php:


define('APP_PREFIX', '/mysite');

header.php:


<?php include('config.php'); ?>
<link href="<?=APP_PREFIX?>/css/screen.css" media="screen" rel="stylesheet" />
<script src="<?=APP_REFIX?>/javascripts/jquery.js"></script>

 

Ah yes that's exactly what I was looking for. I have a couple questions.

1. <?=APP_PREFIX?>. Is this the same as "<?php =APP_PREFIX ?>" ?

2. What is the reason for the = sign in =APP_PREFIX?

3. I want to include it in the include/require files like this.

require_once '../core/init.php';
require_once '/members/dashboard.php';

How do I properly add the APP_PREFIX to the require_once above? I've tried different ways and i still get an error like this.

define('APP_PREFIX', '/mysite');
$root_dir = APP_PREFIX;

require_once "$root_dir/core/init.php";

Warning: require_once(/mysite/core/init.php): failed to open stream: No such file or directory 
Fatal error: require_once(): Failed opening required '/mysite/core/init.php' (include_path='C:\xampp\php\PEAR') 

 

Edited by imgrooot

Share this post


Link to post
Share on other sites
16 minutes ago, imgrooot said:

<?=APP_PREFIX?>. Is this the same as "<?php =APP_PREFIX ?>" ?

Try it.

16 minutes ago, imgrooot said:

What is the reason for the = sign in =APP_PREFIX?

The equals sign does not belong to the APP_PREFIX. It belongs to the <?. Documentation

18 minutes ago, imgrooot said:

I want to include it in the include/require files like this.

You can't. The leading slash only works for URLs. If you want something that works for filenames then use

require_once $_SERVER['DOCUMENT_ROOT'] . '/core/init.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/members/dashboard.php';

or whatever the right path is. So DOCUMENT_ROOT + whatever the file path is relative to the root of your website.

Share this post


Link to post
Share on other sites
14 minutes ago, requinix said:

Try it.

The equals sign does not belong to the APP_PREFIX. It belongs to the <?. Documentation

You can't. The leading slash only works for URLs. If you want something that works for filenames then use


require_once $_SERVER['DOCUMENT_ROOT'] . '/core/init.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/members/dashboard.php';

or whatever the right path is. So DOCUMENT_ROOT + whatever the file path is relative to the root of your website.

I've read that not to use

$_SERVER['DOCUMENT_ROOT']

Instead use 

define('PROJECT_ROOT', dirname(dirname(__FILE__)));
$project_root = PROJECT_ROOT;

So using that, it would look like this. 

require_once $project_root . '/core/init.php';
require_once $project_root . '/members/dashboard.php';

It seems to work fine now.

Share this post


Link to post
Share on other sites
On 1/25/2019 at 2:19 PM, benanamen said:

The better method is to have a single point of entry, eliminating duplicate code and not using the XSS vulnerable $_SERVER['PHP_SELF']

 

Could you please explain how using "$_SERVER['PHP_SELF']" makes it XSS vulnerable? What do I use it in it's place instead?

Share this post


Link to post
Share on other sites
25 minutes ago, imgrooot said:

I've read that not to use


$_SERVER['DOCUMENT_ROOT']

Instead use 


define('PROJECT_ROOT', dirname(dirname(__FILE__)));
$project_root = PROJECT_ROOT;

If it was someone on this forum then I'll agree with what they said.

25 minutes ago, imgrooot said:

So using that, it would look like this. 


require_once $project_root . '/core/init.php';
require_once $project_root . '/members/dashboard.php';

 

PROJECT_ROOT instead of $project_root would be better. You don't need both of those anyways - either define() it or use a variable.

Share this post


Link to post
Share on other sites
6 minutes ago, requinix said:

If it was someone on this forum then I'll agree with what they said.

PROJECT_ROOT instead of $project_root would be better. You don't need both of those anyways - either define() it or use a variable.

Got it.

And I actually read that on Stackoverflow.

Share this post


Link to post
Share on other sites
8 minutes ago, imgrooot said:

And I actually read that on Stackoverflow.

Then I slightly disagree with it. If all your files are within your document root then you might as well use DOCUMENT_ROOT, but if you have anything outside then you should use that constant.

Share this post


Link to post
Share on other sites
56 minutes ago, requinix said:

Then I slightly disagree with it. If all your files are within your document root then you might as well use DOCUMENT_ROOT, but if you have anything outside then you should use that constant.

Well one of the things the person mentioned was that SERVER['DOCUMENT_ROOT'] doesn't work on all servers and that DIR is better for PHP >= 5.3.

Share this post


Link to post
Share on other sites
3 minutes ago, imgrooot said:

Well one of the things the person mentioned was that SERVER['DOCUMENT_ROOT'] doesn't work on all servers and that DIR is better for PHP >= 5.3.

It works for all web-based requests, which is what most people are doing. That other method is a bit more flexible, "professional" maybe, but requires that your application is set up a certain way.

Share this post


Link to post
Share on other sites

I remember many year ago I had issues with $_SERVER['DOCUMENT_ROOT'] not existing on IIS+PHP setup.  Can't remember the versions involved.  I ended up using a define based on __FILE__ as a workaround (__DIR__ didn't exist then).

Now day's I just use __DIR__ and .. as necessary, eg:

define('PROJECT_ROOT', __DIR__.'/../../');
//or
require __DIR__.'/../../config.inc.php';

 

Share this post


Link to post
Share on other sites

So yeah, looking around apparently IIS was adhering to the Microsoft tradition of not following established standards, such as CGI saying that DOCUMENT_ROOT needs to be set. But at least it seems like it's not really an issue anymore.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.