Point to a folder before DOCUMENT ROOT?

Question

Point to a folder before DOCUMENT ROOT?

Asked 7 years, 10 months ago

Viewed 972 times

3

Below follows the folder structure:

/home/web/site/public_html

If I give an echo $_SERVER['DOCUMENT_ROOT']

I’ll get the path to public_html, but I’d like to make some files inaccessible directly by the URL so I’m putting these files inside the /home/web/site but I wish I didn’t have to use ../../../ to return until arriving in /site and having to guess how many folders I must go back to to get to the destination, has some easier way to point to a folder before default?

And if I want to call the files for a tag img or video through the src="algo..." it would be a more practical solution to serve such files through a php script and limit the permissions of it? If yes how can I create it?

2 answers

2

The server would not "point" to the directory, after all, it would not be public. But you can upload private content to a script PHP. Define a constant and do a kind of "access validation" in the application itself.

How is it possible to do this with images using the library php-gd:

php image.:

<?php
defined('FILES') OR define('FILES', '/home/web/site/');
if($_GET['img']){
    $filename = FILES.$_GET['img'];
    if(file_exists($filename)){
        $file_info = getimagesize($filename);
        foreach ($file_info as $i => $v){
            if($v == 'image/png'){
                $mime = $v;
                $img = imagecreatefrompng($filename);
            }
            elseif($v == 'image/jpg'){
                $mime = $v;
                $img = imagecreatefromjpg($filename);
            }
        }
        header("Content-type: " . $mime);
        imagepng($img);
        imagedestroy($im);
    }
    else{
        echo 'Imagem nao localizada!';
    }
}
else{
    echo 'Imagem não definida!';
}

Just pass the full name of the image in the url: imagem.php?img=imagename.jpg.

To stream videos, it’s worth studying things like Videostream.php. Behold:

php stream.

<?php
include 'VideoStream.php';
defined('FILES') OR define('FILES', '/home/web/site/');
$video = new VideoStream(FILES.'videoname.mp4');
$video->start();

You can set the appropriate security and permissions on PHP and it loads the content into the browser.

but this will leave the files accessible through the url in the browser, no?

– Leo Letto

2017/01/19 at 13:23
You’re right. The files are not available to the web server, only to the application (that’s it, isn’t it?). I edited the answer ;)

– ShutUpMagda

2017/01/19 at 13:24
if I call it an img tag works? example src="<? FILES? >"/rest of the way.jpg"

– Leo Letto

2017/01/19 at 13:32
Not because then the file would need to be public. You can create a script php which has permission to access the file and return the image. something like: jpeg.php? image=filename.jpg.

– ShutUpMagda

2017/01/19 at 13:37
But ai would make it unviable since the script would need to be accessible on the web for me to call it through the url

– Leo Letto

2017/01/19 at 13:38
Yes, but it’s not unfeasible. Whoever accesses the script does not necessarily access the image. And you can configure the script to give access with permission (or authentication), or parameter validation, etc. I can test, but recommend that you edit your question and inform (clearly) that, although restricted, the images would need to be shown in the browser ;)

– ShutUpMagda

2017/01/19 at 13:41
Edited, in fact these are video files, so it is important that they are accessible through src tags but not by the direct path in the url

– Leo Letto

2017/01/19 at 13:46

Show 2 more comments

Browser other questions tagged php apache path

You are not signed in. Login or sign up in order to post.

by Daniel Omine • **19,666** points · Answer 1 · 2017-01-19T13:26:53+00:00

A simple way is to define a constant for the location you want.

define('PRIVATE_BASE', _DIR_.'/../');

With that just call PRIVATE_BASE to mount the path base.

Of course this will depend on how the application is structured. Normally it should have a single file that serves as a route for all others. The index.php, for example.

If you don’t have a route file, you can choose a "config.php" or something. Then include this "config.php" in the files you want to get the path information.

Note that you are still using the directory indentation. But it will use only once.

It is preferable to use recoil if you want to give flexibility to the application.

If you still want to set the path statically, be aware that if you need to run the application in an environment with different structures, you will have to manually edit the paths.

define('PRIVATE_BASE', '/home/www/site/');