file structure

vang

hi,

i've seen articles that suggested this type of file structure to be more secure:

/system folder - containing all your php files, no one can see it.
/public folder- containing index.php

Assume if the index.php is a form, i was wondering how to call those files in the system folder to validate the form?

action = "http://www.example.com/system/form/validate.php"

Doesn't this give people a clue how your file structure would be when they see the html code?

Any guidance is appreciated, thanks.

Bjom

You are talking about a directory structure not a file structure
There is no benefit to throwing files that should be accessible through http requests into a different folder (other than a cleaner structure perhaps)
There can be a benefit to separate off all the "include" files into different folders - mainly because your folders will be less cluttered up. I am talking about any .php files that will not get "called" directly by a client/browser. see manual for include
Noone should be able to simply browse through the folders where you store those files you mention, that can be influenced by the server configuration, and usually a listing of your folders' contents is turned off by default.

vang

yes, i'm referring to the directory structure, to store php files above web root.
beside using the include function, is there other method can be used to execute the validate.php?

Bjom

Just like you hinted at in your first post:

This way the browser gets directed to it. That's perfectly fine and it can reside in the web root too. No security issue per se

Bjom

vang

but i dont want my directory structure to be expose to the public when they open up the html code :
<form action = "http://www.example.com/system/form/validate.php" method="post">
which is why i put my /system folder 1 level up the web root.
i was told that using include would cause security issues. that's why i'm looking for another safer method to achieve this. any sugestions?

Bjom

Ah! Now I understand.

You do not need the absolute path to the file at all. You can use relative paths.

E.g.: If the Validation file is in the same directory as the form simply use
action="validate.php"
if it is up one level use action="../validate.php"
and if it is down one level use action="myFolder/validate.php"

hth

Bjom

vang

yes, i know if it is up one level use action="../validate.php"
but mine was up one level and inside system folder and form folder
"../system/form/validate.ph"
i do not want to display it this way as public will see the directory structure.
any suggestion?

Bjom

Yes, the same suggestion again and again: place it in the same folder as the form.