Solved

Post to page above wwwroot directory

Posted on 2009-04-14
3
292 Views
Last Modified: 2013-12-13
Hello,

I have created a php page that I would like to POST to a second php script that lives above the root web directory for security reasons. The page living above web root will then interface with a db file and redirect back to a final landing page. However upon submitting the form, a 404 error is displayed and I notice the url shows as looking for the second script page under web root. This sort of thing works on the old non php hosted website so what am I missing? Worth noting is that on both sites I have ftp access to the above web root directories.
0
Comment
Question by:bnrtech
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 24140619
I presume you are attempting to send Apache to this external page via a form action or a header directive?

The only effective way to do this is to "include" or "require" the page outside the web directory into a script that is accessible within the web root. Let us say that "outside.php" is outside the webroot and "inside.php" is inside it then something like this

// inside.php
//
if ( isset( $_POST['submit'] ) ) {
   
    include "outside.php";

}

<form action='inside.php' method='post'>
..... code
<input name='submit' type='submit' value='Do something' />
</form>
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 24140635
" This sort of thing works on the old non php hosted website so what am I missing? "

I forgot to comment on this. It could be that the old site "included" the external folder via a symbolic link or that the webroot was higher up than you thought. It sounds like security is better on your new server.
0
 

Author Closing Comment

by:bnrtech
ID: 31569939
Works like a charm and security is intact, thanks!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question