How to store files in non-public areas on Linux/Apache....???

[angelleye]

My local test servers are Windows based.  Many of my applications use web services that require credentials for authenticating my API access (eBay, PayPal, etc.)

 

On my test servers I've stored a credentials.xml file outside of the web site root.  Then, within my PHP scripts I can do something like this:

 

// Open file outside of web root which contains PayPal credentials.  This is for security purposes.
$ConfigFilePath = "D:\WebNonPublic\credentials.xml";
if(!$PayPalCredentials = simplexml_load_file($ConfigFilePath))
exit("There was an error opening the credentials file");

//set the API credentials based on sandbox boolean passed
if(!$Sandbox)
{
$APIUsername = $PayPalCredentials -> Production -> Username;
$APIPassword = $PayPalCredentials -> Production -> Password;
$APISignature = $PayPalCredentials -> Production -> Signature;
$EndPointURL = $PayPalCredentials -> Production -> EndPointURL;
}
else
{
$APIUsername = $PayPalCredentials -> Sandbox -> Username;
$APIPassword = $PayPalCredentials -> Sandbox -> Password;
$APISignature = $PayPalCredentials -> Sandbox-> Signature;;
$EndPointURL = $PayPalCredentials -> Sandbox-> EndPointURL;;
}

 

That works beautifully and then if somebody decides to download my entire web site they can't see any of my credentials.

 

My live web host that I'm using is a Linux host with Apache.  I'm not very experienced administering this at all.  I can FTP into my site root and I can see that the public stuff goes into /www and there are lots of files outside of that like .htaccess and many others.  I tried placing my credentials.xml in the same place .htaccess is but then I can't seem to get to it.  I tried  ./credentials.xml, and then I also tried the normal ../../credentials.xml.  I added an extra ../ in hopes it would reach up to the level above /www and be able to find it.  I can't get anything to work, though.

 

Any information on how I can accomplish this would be greatly appreciated.  Thanks!

[angelleye]

Ah, I figured it out.  Can I delete this thread somehow?

[DanielWhite]

Post how you solved it. You may help someone in the future

[angelleye]

Good point.

 

I ran phpinfo() and found the true full path of my directory on this web host.  Using that I was able to figure out the path to the new folder I created in my {home} directory that was located outside of the web root.