Hello to all,
I am working on a small Application Service Provider model for local real estate agencies. For code maintenance and update reasons, all domains need to run off a single directory of main application pages and everything else is an include. The include path is determined by the domain prefix. Because it will need to run on SSL (single IP server), and I don't want to be forced to have a separate certificate for each of my clients and run them on separate ports, each agency will have a url of the form http://abc-realty.maindomain.com to access their intranet. What I do then is just extract the domain prefix from $_SERVER['HTTP_HOST'] so I can pull the correct inc files for that particular client (config.inc.php, html header and footer, style sheets...).
My question is: is it safe to save such sensitive variables as include paths in session variables? Any ideas for better ways of doing this? Below is the basis of the code that would do this...
Many thanks,
-David
// Start the session before reading $_SESSION
session_start();
if (empty($_SESSION['client_inc_path'])) {
    // Convert domain to include path
    $inc_base_dir = "../inc/";
    $domain_ext = ".maindomain.tld";
    $client = strtolower(str_replace($domain_ext, "", $_SERVER['HTTP_HOST']));
    // Make sure directory is valid
    if (!is_dir($inc_base_dir . $client)) {
        echo "invalid path / domain";
        exit;
    }
    else {
        $_SESSION['client_inc_path'] = $inc_base_dir . $client;
        $client_inc_path = $_SESSION['client_inc_path'];
    }
}
else {
    // Reuse the path stored earlier in this session
    $client_inc_path = $_SESSION['client_inc_path'];
}
require "$client_inc_path/admin_config.inc.php";
require "$client_inc_path/admin_html_header.inc.php";
// main content / application page follows....
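
Added example, not part of the original post: one way to derive the include directory from the Host header on every request instead of keeping it in the session, accepting the client name only as a single DNS label and confining the resolved path to the base directory. The function name `resolve_client_inc_path()` and the demo directory and host values are assumptions constructed for illustration; `.maindomain.tld` is taken from the post's code.

```php
<?php
// Added example. Assumed names: resolve_client_inc_path(), the demo directory.
const DOMAIN_EXT = '.maindomain.tld'; // suffix from the post's code

function resolve_client_inc_path(string $host, string $baseDir): ?string
{
    // Host is client-controlled: lowercase it and drop an optional :port.
    $host = strtolower((string) preg_replace('/:\d+$/', '', trim($host)));

    // The suffix must end the name, not merely appear somewhere in it.
    if (substr($host, -strlen(DOMAIN_EXT)) !== DOMAIN_EXT) {
        return null;
    }
    $client = substr($host, 0, -strlen(DOMAIN_EXT));

    // Exactly one DNS label: no dots, slashes, backslashes or NUL bytes.
    if (!preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/', $client)) {
        return null;
    }

    // Resolve symlinks, then require a direct child of the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $client);
    if ($base === false || $path === false || !is_dir($path) || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Demo on constructed data: a throwaway base directory with one client folder.
$base = sys_get_temp_dir() . '/inc_demo_' . getmypid();
mkdir($base . '/abc-realty', 0700, true);
$hosts = [
    'abc-realty.maindomain.tld',       // accepted
    'ABC-Realty.maindomain.tld:443',   // accepted after normalisation
    '../abc-realty.maindomain.tld',    // rejected: not a single label
    'abc-realty.maindomain.tld.other', // rejected: suffix not at the end
    'nosuch.maindomain.tld',           // rejected: no such client directory
];
foreach ($hosts as $host) {
    printf("%-34s => %s\n", $host, resolve_client_inc_path($host, $base) ?? 'rejected');
}
rmdir($base . '/abc-realty');
rmdir($base);
```

In the page's script the call would take `$_SERVER['HTTP_HOST']` and the `../inc` base directory, stop the request on a `null` result, and `require` the include files from the returned path.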