- This topic is empty.
-
AuthorPosts
-
August 14, 2014 at 2:19 am #179018
__
ParticipantI’m confused. … If it isn’t accessible how would a file be retrieved for use in a web page?
Accessible from the web.
include
happens on the server (filesystem), not in the browser (over the internet).How do you make a file non-accessible?
Putting it in a directory above your web root, if you host allows you to, is the easiest and most sure method. If not, use Apache (either the conf file or an htaccess file) to deny all requests to the directory in question.
<directory /path/to/your/includes/directory> Order Deny,Allow Deny from all </directory>
The specific instructions might be different depending on how recent a version your host runs. Remember, if you have an existing htaccess file, make a backup before you change anything. Talk to your host about the best way to make all these changes.
What’s the potential risk if an include is something as simple as a navigation bar or some such?
If it’s just html, probably none. But you’ll probably eventually have includes with other code that might have sensitive information or cause problems if run separately. It’s just a bad habit. (And what if google indexes your nav menu?)
Isn’t the file in the example you gave in the web root? i.e.
"{$_SERVER['DOCUMENT_ROOT']/templates/your-top-menu.html}"
No, it’s in
<web root>/templates
.
I understand your question, though. That’s why I mentioned making the directory in question (templates
, in this case) inaccessible.Do I place the
<?php include
within the<nav></nav>
or […] where the<nav> </nav>
and the markup for the navigation bar was at?Are the
<nav>
tags in your menu file? They can be in the markup on the main page, or in the nav menu file. One or the other, not both. Having said that, I think it makes more sense to keep the<nav>
tags with the rest of the menu.I am certain the file path is correct. I typed the url direct and the nav bar shows up.
Can you share a link to the nav menu page?
Would you please check the contact form and its file accessibility for any security issues?
The contact form should also be in an inaccessible directory. Because of the way it is written, however, accessing it directly wouldn’t cause any errors or security risk. It is only a class definition, and executes no code on its own, so you’d just see a blank page. As mentioned above, it’s still a good habit to keep it hidden.
August 14, 2014 at 3:16 am #179023Anonymous
InactiveAugust 14, 2014 at 10:10 am #179081__
ParticipantSo, it should be
include "{$_SERVER['DOCUMENT_ROOT']}/new/test/nav-bar.html";
Is that what you’re trying?
August 14, 2014 at 10:15 am #179082Anonymous
Inactiveinclude "{$_SERVER['DOCUMENT_ROOT']}/new/test/nav-bar.html";
Is that what you’re trying?
Yes.
Also, I am told by my host that rules can be written in the .htaccess file to deny public access to my files and directories. This is way beyond my means and understanding at this point however.
I am told it is possible to create a directory above the root, but that this creates problems in domains. Again, way over my means and knowledge.
Best Regards.
August 14, 2014 at 12:22 pm #179099__
ParticipantNo error messages (view source to double-check)?
Sounds like htaccess would be your best option. Go ahead and try if you like, just remember to backup first. If you’d rather not right now, you don’t have any immediate risk. It is something that can be done later.
August 14, 2014 at 7:45 pm #179134Anonymous
InactiveNo error messages (view source to double-check)?
I haven’t seen any.
I think I’ll leave changing the .htaccess alone for now since I haven’t a clue what to do and my final files and directories aren’t in place.
August 14, 2014 at 9:16 pm #179140__
ParticipantI haven’t seen any.
try changing
include
torequire
. It does the same thing, but, if there is an error, will make it much louder.I think I’ll leave changing the .htaccess alone for now since I haven’t a clue what to do and my final files and directories aren’t in place.
Sounds like a good idea.
August 14, 2014 at 9:27 pm #179141Anonymous
InactiveGreetings traq,
I made the change and still no nan bar showing on the page. The page shows, but no errors or nav bar. I checked the error logs and nothing there either.
Best Regards.
August 14, 2014 at 10:01 pm #179145__
ParticipantTook a second look: your test page needs to be a
.php
page before it will execute php code. If you look at your test page’s source, you’ll see the php code in plain text.August 14, 2014 at 10:32 pm #179147Anonymous
InactiveTook a second look: your test page needs to be a .php page before it will execute php code.
Doh! Stupid mistake!
I’m now getting this:
Parse error: syntax error, unexpected ‘/’, expecting ‘}’ in /””/””/””/test_page_7alt4.php on line 755 which is the <?php include.
I will be away for a few days and depart i8n afew hours so if no reply from me, I will get back with you upon my return.
Many Thanks and Have a Great Weekend!
August 14, 2014 at 10:44 pm #179148__
ParticipantParse error: syntax error, unexpected ‘/’, expecting ‘}’ in /””/””/””/test_page_7alt4.php on line 755 which is the <?php include.
"{$_SERVER['DOCUMENT_ROOT']}/new/test/nav-bar.html"
Are you transposing the
}
and the/
, maybe?August 14, 2014 at 11:01 pm #179150Anonymous
InactiveI copied it from your post here which has
<?php include "{$_SERVER['DOCUMENT_ROOT']/templates/your-top-menu.html}"; ?>
but have now changed it to<?php include "{$_SERVER['DOCUMENT_ROOT']}/templates/your-top-menu.html}"; ?>
having my path of course.I am now getting the following on the page itself where the navigation bar should be.
Warning: include(/””/””/test/nav-bar.html}): failed to open stream: No such file or directory in /””/””/test_page_7alt4.php on line 755
Warning: include(): Failed opening ‘/””/””/test/nav-bar.html}’ for inclusion (include_path=’.:/opt/alt/php55/usr/share/pear:/opt/alt/php55/usr/share/php’) in /”/”/test_page_7alt4.php on line 755
August 15, 2014 at 10:06 am #179196__
Participant"{$_SERVER['DOCUMENT_ROOT']}/templates/your-top-menu.html"
Sorry about that. My bad.
The braces go around the variable only. They are necessary when you want to put a complex variable (e.g., an array variable with an index notation) inside a string.
August 17, 2014 at 12:40 am #179316Anonymous
InactiveSorry about that. My bad.
Not a problem. I feel less awkward when even a pro makes a mistake and the correction sticks in my mind better.
It is working now and it’s one of the coolest things I’ve encountered yet. The versatility of this simple script is inspiring and I feel like a kid with a new toy or an old man with a new Viagra refill.
Thank you so much traq for all of this! You’ve given me the greatest gift anyone can give another human being; knowledge.
August 17, 2014 at 11:28 am #179372__
ParticipantI feel less awkward when even a pro makes a mistake and the correction sticks in my mind better.
No worries. Everyone makes mistakes. Typos are so common that it gets really hard to think of them as “errors” after a while.
The versatility of this simple script is inspiring and I feel like a kid with a new toy or an old man with a new Viagra refill.
mmm… too much information.
Thank you so much traq for all of this!
You’re very welcome!
-
AuthorPosts
- The forum ‘Other’ is closed to new topics and replies.