| Re: Calling a php file from another on apache server [message #181081 is a reply to message #181079] |
Wed, 10 April 2013 22:43   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 10/04/13 21:34, Jordan Thompson wrote:
> Hi Jerry,
> thanks for getting back...
>> First of all, do you have permission to issue the exec() function? Many
> *** Yes, because the "hello.txt" file that is being touched in the lower-level file is being created by that file.
>> shared systems have it disabled for security reasons.
>>
>>
>>
>> If you do have permission, is the php executable available to you?
> *** Yes - see above
>> Again, on a shared system, it may or may not be.
>>
>>
>>
>> Finally, if it is available, the second script is going to be executed
>>
>> in the cli environment, not the web. This means the session_start()
>>
>> will fail, as there is no web server involved (well, it may not fail -
>>
>> but it won't do anything). And its output goes to stdout, (which is fed
>>
>> back to the second parameter of exec(), which you are not using, so it
>>
>> is thrown away), not to the web.
> *** I am not getting any errors in either the apache log or the php log, but that would explain why nothing is displaying on the browser. How can I do this?
>>
>>
>> IOW, what you're trying to do is definitely not common, and probably not
>>
>> the right way to go about things.
>>
>>
>>
>> What is it you're really trying to do?
> Fair enough. I want to call a php file that will access a database and return the results of its query into the web page so it looks seamless to the user.
>
> I tried doing this via an include. It worked, but I would have to expose the username/password in a file accessible to the web (under htdocs.)
That is how you do it. But the file can reside anywhere on the server.
> I tried putting it in cgi-bin (and including it from there), but that did not work because apache correctly won't allow a client into cgi-bin (but calling it from cgi-bin seems to work, but nothing is displayed to the user.)
?? me not understand this part
> What is the correct way to hide the username/password from the user (preferably in a single file that is included in various php files) and display the results in html for a browser?
php files on a correctly configured system cannot be read as source
anyway. They can at best be interpreted by the php interpreter.
If all you have is a ftp accessible server on someone elses machine and
you are really paranoid., create a directory off the web servers root
called 'private,. and block WEB access to it with a .htaccess file that
disallows browsing in it and include files that reside inside it.
i.,e
/index.php - your main file which will include('private/database.php');
/private/.htaccess - your access file that disallows browsing or direct
access inside it
/private/database.php - your saucerful of secrets :-)
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]