Solved

Post to page above wwwroot directory

Posted on 2009-04-14
3
293 Views
Last Modified: 2013-12-13
Hello,

I have created a php page that I would like to POST to a second php script that lives above the root web directory for security reasons. The page living above web root will then interface with a db file and redirect back to a final landing page. However upon submitting the form, a 404 error is displayed and I notice the url shows as looking for the second script page under web root. This sort of thing works on the old non php hosted website so what am I missing? Worth noting is that on both sites I have ftp access to the above web root directories.
0
Comment
Question by:bnrtech
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 24140619
I presume you are attempting to send Apache to this external page via a form action or a header directive?

The only effective way to do this is to "include" or "require" the page outside the web directory into a script that is accessible within the web root. Let us say that "outside.php" is outside the webroot and "inside.php" is inside it then something like this

// inside.php
//
if ( isset( $_POST['submit'] ) ) {
   
    include "outside.php";

}

<form action='inside.php' method='post'>
..... code
<input name='submit' type='submit' value='Do something' />
</form>
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 24140635
" This sort of thing works on the old non php hosted website so what am I missing? "

I forgot to comment on this. It could be that the old site "included" the external folder via a symbolic link or that the webroot was higher up than you thought. It sounds like security is better on your new server.
0
 

Author Closing Comment

by:bnrtech
ID: 31569939
Works like a charm and security is intact, thanks!
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question