944,105 Members | Top Members by Rank

Web Development > PHP > How to store files for a Content Management System (CMS)
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 2273
  • PHP RSS
Permalink
Oct 28th, 2009
0

How to store files for a Content Management System (CMS)

Expand Post »
I'm building a Content Management System on my own in PHP & MySql. I thought it's a good idea that all CMS files to be stored secure on the server "before" www folder so that it can't be accesed from the browser (all cms files in one folder). In www folder it's only the TEMPLATE cause I want to separate template from CMS, separate folders. I can include *.php files from folder above but I can't include the JavaScript files and other files that are linked from forms. For example at login: my login form actions on "login.php" which is in folder above root so it can't be accessed.

My question are:
- it is a good idea to store all CMS files in folder above 'www' folder? If so, how can I include the files correctly? If not, what's the best option to place my CMS folder? (remember I must separate the template from CMS. The template only calls 3,4 functions from CMS to show menu, content, etc. so that I can change the template without changing the content)

Thanks. Hope somebody helps
Similar Threads
Reputation Points: 11
Solved Threads: 7
Posting Whiz in Training
Clawsy is offline Offline
225 posts
since Feb 2008
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Storing files as, well, files is never a good idea, if stored as PHP files and then include/require(ed) the scripts could contain malicious code. There are two options;
1,
Save the file as .htm, .html, .txt (or some other plain text format)
Include the file with
php Syntax (Toggle Plain Text)
  1. <?php
  2. echo file_get_contents($FileToGet);
  3. ?>
This will get the contents of the text file and echo it to the browser without executing any code inside.
2,
BLOB!
There is a field type in MySQL called BLOB (Binary Large Object) which I use for storing my files, it can hold a large amount of data, all you have to do is output it as you would with any other MySQL field
Reputation Points: 26
Solved Threads: 31
Posting Whiz
samarudge is offline Offline
354 posts
since May 2008
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Storing files as, well, files is never a good idea, if stored as PHP files and then include/require(ed) the scripts could contain malicious code. There are two options;
1,
Save the file as .htm, .html, .txt (or some other plain text format)
Include the file with
php Syntax (Toggle Plain Text)
  1. <?php
  2. echo file_get_contents($FileToGet);
  3. ?>
This will get the contents of the text file and echo it to the browser without executing any code inside.
2,
BLOB!
There is a field type in MySQL called BLOB (Binary Large Object) which I use for storing my files, it can hold a large amount of data, all you have to do is output it as you would with any other MySQL field
Reputation Points: 26
Solved Threads: 31
Posting Whiz
samarudge is offline Offline
354 posts
since May 2008
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Hi

Wishes For Your CMS

Please Consider:

MVC
--------> Modules
--------> View
--------> Controller

So Please refer this
Reputation Points: 10
Solved Threads: 3
Newbie Poster
alagirinetaxis is offline Offline
15 posts
since Oct 2009
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Hi

Wishes For Your CMS

Please Consider:

MVC
--------> Modules
--------> View
--------> Controller

So Please refer this
Reputation Points: 10
Solved Threads: 3
Newbie Poster
alagirinetaxis is offline Offline
15 posts
since Oct 2009
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Unfortunately I don't use any MVC yet cause I don't know . But I have 2 questions for *samarudge*:
1. I would have this link echo(ed) in the template header:
PHP Syntax (Toggle Plain Text)
  1. <script type="text/javascript" src="indexScript.js"></script>
  2. //but I don't want to echo in the source my script which is in the folder above. How can I do it?
2. I have a form:
PHP Syntax (Toggle Plain Text)
  1. <form name="login_form" action="login.php" method="POST"> 
  2. 	<td colspan="8" valign="middle" align="center" style="height:30px; width:500px;"> 
  3.  
  4. 	<span style="font-weight:bold; font:16px">Password:</span> 
  5. 	<input type="password" name="upass"  /> 
  6. 	<input type="submit" value="Login" style="width:60px; height:25px;" /></td> 
  7. </form>
The file "login.php" is in the folder above too (if I use your first option). What can I do in this situation? cause the browser can't find it in the root folder of the website.

Hope I did not missunderstood something from you . Now I must leave and get back in an 1-2 hours or so. Thanks for your interest in my problem!
Reputation Points: 11
Solved Threads: 7
Posting Whiz in Training
Clawsy is offline Offline
225 posts
since Feb 2008
Permalink
Oct 28th, 2009
0
Re: How to store files for a Content Management System (CMS)
Unfortunately I don't use any MVC yet cause I don't know . But I have 2 questions for *samarudge*:
1. I would have this link echo(ed) in the template header:
PHP Syntax (Toggle Plain Text)
  1. <script type="text/javascript" src="indexScript.js"></script>
  2. //but I don't want to echo in the source my script which is in the folder above. How can I do it?
2. I have a form:
PHP Syntax (Toggle Plain Text)
  1. <form name="login_form" action="login.php" method="POST"> 
  2. 	<td colspan="8" valign="middle" align="center" style="height:30px; width:500px;"> 
  3.  
  4. 	<span style="font-weight:bold; font:16px">Password:</span> 
  5. 	<input type="password" name="upass"  /> 
  6. 	<input type="submit" value="Login" style="width:60px; height:25px;" /></td> 
  7. </form>
The file "login.php" is in the folder above too (if I use your first option). What can I do in this situation? cause the browser can't find it in the root folder of the website.

Hope I did not missunderstood something from you . Now I must leave and get back in an 1-2 hours or so. Thanks for your interest in my problem!
Reputation Points: 11
Solved Threads: 7
Posting Whiz in Training
Clawsy is offline Offline
225 posts
since Feb 2008
Permalink
Nov 3rd, 2009
0
Re: How to store files for a Content Management System (CMS)
Not 100% sure what you mean but if you are in the file
/var/www/html/page/index.php (Local/On server)
and you are trying to access a file
/var/www/html/include/page.php (Local)
you can use the "Double Dot" syntax in PHP
php Syntax (Toggle Plain Text)
  1. include('../include/page.php');
would include the file
Is this what you meant?
Reputation Points: 26
Solved Threads: 31
Posting Whiz
samarudge is offline Offline
354 posts
since May 2008
Permalink
Nov 3rd, 2009
0
Re: How to store files for a Content Management System (CMS)
No, I mean if I have files like *.js and css in a folder like "/var/CMS/script.js" and the www is in the same folder as CMS, how can I make a link from html (which is in 'www' folder) to 'script.js' which is in 'CMS' folder? I gues I cannot...
So, link '/var/CMS/script.js' file in '/var/www/index.html'. What I was trying to do is to make the CMS folder unaccesible from the browser. (secure folder). Thanks for reply.
Reputation Points: 11
Solved Threads: 7
Posting Whiz in Training
Clawsy is offline Offline
225 posts
since Feb 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: mysql_num_rows(): error needs to work in 24 hrs mac :S thanks in advance
Next Thread in PHP Forum Timeline: Broken query string in PHP


Tags
cms, folder, include, php, root



About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC