Start New Discussion Reply to this Discussion How to store files for a Content Management System (CMS)
I'm building a Content Management System on my own in PHP & MySql. I thought it's a good idea that all CMS files to be stored secure on the server "before" www folder so that it can't be accesed from the browser (all cms files in one folder). In www folder it's only the TEMPLATE cause I want to separate template from CMS, separate folders. I can include *.php files from folder above but I can't include the JavaScript files and other files that are linked from forms. For example at login: my login form actions on "login.php" which is in folder above root so it can't be accessed.
My question are:
- it is a good idea to store all CMS files in folder above 'www' folder? If so, how can I include the files correctly? If not, what's the best option to place my CMS folder? (remember I must separate the template from CMS. The template only calls 3,4 functions from CMS to show menu, content, etc. so that I can change the template without changing the content)
Thanks. Hope somebody helps :)
Clawsy
Posting Whiz in Training
225 posts since Feb 2008
Reputation Points: 11
Solved Threads: 7
Skill Endorsements: 0
Storing files as, well, files is never a good idea, if stored as PHP files and then include/require(ed) the scripts could contain malicious code. There are two options;
1,
Save the file as .htm, .html, .txt (or some other plain text format)
Include the file with
<?php
echo file_get_contents($FileToGet);
?>
This will get the contents of the text file and echo it to the browser without executing any code inside.
2,
BLOB!
There is a field type in MySQL called BLOB (Binary Large Object) which I use for storing my files, it can hold a large amount of data, all you have to do is output it as you would with any other MySQL field
samarudge
Posting Whiz
359 posts since May 2008
Reputation Points: 26
Solved Threads: 31
Skill Endorsements: 0
Storing files as, well, files is never a good idea, if stored as PHP files and then include/require(ed) the scripts could contain malicious code. There are two options;
1,
Save the file as .htm, .html, .txt (or some other plain text format)
Include the file with
<?php
echo file_get_contents($FileToGet);
?>
This will get the contents of the text file and echo it to the browser without executing any code inside.
2,
BLOB!
There is a field type in MySQL called BLOB (Binary Large Object) which I use for storing my files, it can hold a large amount of data, all you have to do is output it as you would with any other MySQL field
samarudge
Posting Whiz
359 posts since May 2008
Reputation Points: 26
Solved Threads: 31
Skill Endorsements: 0
Hi
Wishes For Your CMS
Please Consider:
MVC
--------> Modules
--------> View
--------> Controller
So Please refer this
alagirinetaxis
Newbie Poster
15 posts since Oct 2009
Reputation Points: 10
Solved Threads: 3
Skill Endorsements: 0
Hi
Wishes For Your CMS
Please Consider:
MVC
--------> Modules
--------> View
--------> Controller
So Please refer this
alagirinetaxis
Newbie Poster
15 posts since Oct 2009
Reputation Points: 10
Solved Threads: 3
Skill Endorsements: 0
Unfortunately I don't use any MVC yet cause I don't know :(. But I have 2 questions for *samarudge*:
1. I would have this link echo(ed) in the template header:
<script type="text/javascript" src="indexScript.js"></script>
//but I don't want to echo in the source my script which is in the folder above. How can I do it?
2. I have a form:
<form name="login_form" action="login.php" method="POST">
<td colspan="8" valign="middle" align="center" style="height:30px; width:500px;">
<span style="font-weight:bold; font:16px">Password:</span>
<input type="password" name="upass" />
<input type="submit" value="Login" style="width:60px; height:25px;" /></td>
</form>
The file "login.php" is in the folder above too (if I use your first option). What can I do in this situation? cause the browser can't find it in the root folder of the website.
Hope I did not missunderstood something from you :). Now I must leave and get back in an 1-2 hours or so. Thanks for your interest in my problem!
Clawsy
Posting Whiz in Training
225 posts since Feb 2008
Reputation Points: 11
Solved Threads: 7
Skill Endorsements: 0
Unfortunately I don't use any MVC yet cause I don't know :(. But I have 2 questions for *samarudge*:
1. I would have this link echo(ed) in the template header:
<script type="text/javascript" src="indexScript.js"></script>
//but I don't want to echo in the source my script which is in the folder above. How can I do it?
2. I have a form:
<form name="login_form" action="login.php" method="POST">
<td colspan="8" valign="middle" align="center" style="height:30px; width:500px;">
<span style="font-weight:bold; font:16px">Password:</span>
<input type="password" name="upass" />
<input type="submit" value="Login" style="width:60px; height:25px;" /></td>
</form>
The file "login.php" is in the folder above too (if I use your first option). What can I do in this situation? cause the browser can't find it in the root folder of the website.
Hope I did not missunderstood something from you :). Now I must leave and get back in an 1-2 hours or so. Thanks for your interest in my problem!
Clawsy
Posting Whiz in Training
225 posts since Feb 2008
Reputation Points: 11
Solved Threads: 7
Skill Endorsements: 0
Not 100% sure what you mean but if you are in the file
/var/www/html/page/index.php (Local/On server)
and you are trying to access a file
/var/www/html/include/page.php (Local)
you can use the "Double Dot" syntax in PHP
include('../include/page.php');
would include the file
Is this what you meant?
samarudge
Posting Whiz
359 posts since May 2008
Reputation Points: 26
Solved Threads: 31
Skill Endorsements: 0
No, I mean if I have files like *.js and css in a folder like "/var/CMS/script.js" and the www is in the same folder as CMS, how can I make a link from html (which is in 'www' folder) to 'script.js' which is in 'CMS' folder? I gues I cannot...
So, link '/var/CMS/script.js' file in '/var/www/index.html'. What I was trying to do is to make the CMS folder unaccesible from the browser. (secure folder). Thanks for reply.
Clawsy
Posting Whiz in Training
225 posts since Feb 2008
Reputation Points: 11
Solved Threads: 7
Skill Endorsements: 0
© 2013 DaniWeb® LLC
Page generated in 0.0865 seconds
using 2.77MB
RSS Feed