| Re: Using a single php entry file for a whole site. [message #181875 is a reply to message #181865] |
Thu, 20 June 2013 21:38   |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 20/06/13 20:29, Marc van Lieshout wrote:
> On 20-06-13 19:22, The Natural Philosopher wrote:
>>
>> What I would like to do, is the following.
>>
>> ALL request to a site are redirected by apache rules to one single file.
>> Let's call it index.php.
>> Index.php notes the URL the user wants and looks it up in a database,
>> and if it exists, includes() the actual PHP file for that page.
>> If it doesn't exist, a standard 'sorry, you are looking for a page that
>> doesn't exist' is returned, if possible with the correct error code in
>> the headers?
>> The php files themselves apart from index.php do NOT live under the web
>> root. They might in fact live in the database. But that's stage 2.
>>
>> Is this possible, and if so what if any are the downsides?
>>
>> It seems to me that a user or robot level scrape of the site would not
>> show anything of its true internal structure. But still show all the
>> paths through it.
>>
>> What I want to do is have stuff like
>>
>> http:/mysite.com/news/Dog-Bites-Man
>>
>> redirect to say
>>
>> /var/private/newspage.php?id=3041
>>
>> where there exists a mysql table with a name value pair of
>>
>> news/Dog-Bites-Man: /var/private/newspage.php?id=3041
>> or
>> menu/Contact-the-webmaster: /var/private/contact.php?target=webmaster
>>
>> and so on.
>>
>> And possible a field for keywords to search the site with.
>>
>
> That looks indeed like a small framework. Some remarks:
>
> 1. You don't need apache rewriting you can use $_SERVER['PATH_INFO']
> and use url's like:
>
> http:/mysite.com/index.php/news/Dog-Bites-Man
>
> or a page controller:
>
> http:/mysite.com/index.php?site=%2Fnews%2FDog-Bites-Man
>
I could, but this is something I am prototyping to mimic an existing
server. So I need absolute freedom to say 'link on new server behaves
exactly like link on old server' (or even seamlessly redirects there)
>
> 2. For the sake of security, put the part that accesses the DB outside
> of index.php. It contains an uid and a password.
>
Well ahead of you there mate :-)
include file in a directory that is password protected and may actually
be moved out of the document root tree altogether. If PHP include can be
something like
include('/etc/websites/locales/this_site.php' )
Performance, security and backwards compatibility are the three issues I
want to understand, because I may need to..for reasons I won't go into
here.
Because it would be built on a vps, everything is configurable to those ends
>
> The scheme will be like this:
>
> in index.php:
> include "/path/ouside/webroot/dispatcher.php"
>
Ah! you imply that works. excellent!
> in dispatcher.php:
> $conn = new PDO(....);
> $stmnt = $conn->prepare(
> 'SELECT target from dispatch WHERE source = :src');
> $stmnt->execute(':src' => $_SERVER['PATH_INFO']);
> $row = $stmnt->fetch(PDO::FETCH_ASSOC);
>
> if ($row === false)
> // dispatch to 404
> ;
> else
> include('/path/outside/webroot/' . $row['target']);
>
>
> That's all.
yep. Pretty much the same algo. I am using except I don't do OO :-)
If this comes to anything, I may need to have code maintained by old
duffers who cut their teeth on assembler, rather than bushy tailed kids
who do all this new fangled OO stuff.
Look, many thinks for that. Its is always nice to have questions
answered before you ask, and have the general idea confirmed as well.
I think the general ideas of how to do it is now pretty clear, but there
are some detail issues as to how much can and should go IN the database.
I think anything small can, but big images and videos? Hmm.
Can you execute PHP code stored in a database??
I suppose in the limit you could write it to a file, and once written
include() it?
is there a better way? eval()? It comes with health warnings..
...select page from code_table where id='12345'..eval (page)...hmm.
I guess its as secure as the database would be. No one who got access to
the web area would be able to compromise it..
And there wont be much if any user input into INTO the database, and
that might be to a different database anyway..under a different
name/password
And since its PM here in Europe, I think time for an ebook in bed, and
mull it over.
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]