#1
  1. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Dec 2004
    Posts
    3,031
    Rep Power
    377

    Making site development more efficient. Tips?


    background:

    So what our company does is create landing pages & send newsletters to users and when users click they "land" on these pages.

    1. Users fill the form & press submit
    2. The page then processes this info, sends data to our backend
    - creates an xml from user data
    - uses a soap api to login, send data & then log out.
    3. show thank you page

    The developer previous to me, he would create all the pages (form, process, thank you) separately for each "campaign" we did.

    When I started, I split this up, the landing page is still separate, but for most campaigns, the data goes to ONE page which is re-used. It is still not efficient. What I am having trouble with is:

    1. How do I make it more efficient? Do I create a wrapper class for the API? Or do I just do an include(process file), have another file that creates the XML, feed that into the process file, then return success/failure?

    2. I also need to know if I can store PHP files outside the root, but then have some JS files use them? If I do symlink, will this expose the PHP file location? i.e. can they be hacked by creating symlink.

    The idea is I want to hold CSS/JS/Images/fonts/PHP outside the root so that ALL the campaigns can use these but I know for example, CSS/JS won't be able to "link to/use" files outside the root as they need valid URLs?
  2. #2
  3. Mad Scientist
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Oct 2007
    Location
    North Yorkshire, UK
    Posts
    3,661
    Rep Power
    4124
    You can store files wherever you want.

    How you access them is also up to you.

    1 - have a bootstrap php file which includes the library, eg

    PHP Code:
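    <?php
    // Bootstrap file placed in each web root: pulls in the shared library kept outside it
    // (or use an absolute path, e.g. /var/www/common/app/start.php)
    include("../../app/start.php");

    $api = new API;   // the API class is expected to be defined by start.php
    $api->Execute();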
    or you put that same code in one file and symlink to it from each web root.

    Either way you get the benefit from having just one file/library in one place - you just have to decide which you would rather maintain - several identical files which do nothing more than include one file, or a bunch of symlinks?

    On some servers the open_basedir directive will get in the way, but you should be able to override this.
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
  4. #3
  5. Contributing User
    I only mentioned symlinks because I know I can store PHP outside the root (well almost all PHP files, not the one used by JS scripts) but the problem is with JS/CSS files/code which needs a URL which is inside the root directory, for ex.

    #id {
    background: url('images/index.jpg');
    }

    etc

    For these, I would need the symlinks and then once I have symlinks, I wouldn't need to actually maintain them, just the files they are linking to?

    That is my idea, i.e. what you said, I want to maintain one copy of the file rather than 10 copies all over my web server.
  6. #4
  7. Mad Scientist
    There's also version control. Each website checks out the code base from a central repository. That way you can maintain one code base, get the power of version control and have all your files. You can even create branches for the exceptions and merge later if required. You're also not limited to being on the same physical server.

    Also, consider an off-site CDN for your static images/stylesheets/js files. Rackspace cloud charges £0.12 / GB / month storage (and the same again for bandwidth) and makes this all accessible on the Akamai network. You get a unique URL which you can cname one of your own sub domains to.
  8. #5
  9. Contributing User
    Thanks for your input Northie, as always.

    One question about symlinks, if I create symlinks for files outside the root folder, surely these files are not secure anymore because users can get to them via the symlink?
  10. #6
  11. Mad Scientist
    What are your security concerns?

    Some people put files outside the web root so that they cannot be called directly using http.

    I understand from your request that you are simply looking for a way to manage one file/code base and access it from multiple locations... security has never come into it and you only need put the files that need to be accessed from http as symlinks.
  12. #7
  13. Contributing User
    Well, one of the reasons I wanted to put the files outside root was so that people couldn't access them. The other reason of course was having one file/code base so there is no repetition.

    Sorry if I didn't make that clear.
  14. #8
  15. Mad Scientist
    If you can't access them then they're neither use nor ornament!
  16. #9
  17. Contributing User
    But you can access them :s This is why I was asking if I put them outside the root and then do symlink, will I be able to access the JS/CSS files?
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    I think there's a fundamental misunderstanding -- or rather a fallacy. You cannot "hide" resources and at the same time publish them on your website. That's a contradiction in terms. If you want your visitors to use your CSS and JavaScript files, you have to let them download those files, which means any visitor can view them, save them etc. That's how HTTP works. If you don't want people to see your files, you need to remove them from your webserver and lock them in a safe or something.

    I know that people have tried again and again to somehow protect their files with a click blocker and other nonsense. None of this works. Either you send me the data, or you don't send it. There is no in-between. There is no "look but don't touch".
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  20. #11
  21. Contributing User
    No, I understand the concept of that. My idea is twofold:

    1. Store everything outside root (so it is easier to manage, i.e. one file as opposed to copies)
    2. "Hide" PHP code so that users cannot go to it directly.
    3. Create symlinks so that JS/CSS files are accessible even though they are outside root.

    My question relates to: 3 mainly.
    Can I do it? And secondly, if a JS file needs to use PHP, does that mean that file needs to be exposed or at the very least SYMLINKED so JS can access it?

    My websites will be something like:

    /include
    /php files
    /JS files etc
    /site1/public
    /site2/public
  22. #12
  23. Mad Scientist
    As you know, http can only access files inside the web root.

    If the file has no ability to execute code server side (eg images, stylesheets, js files) then it (or a symlink to it) must be placed in/under the web root. Colloquially these are referred to as "static files".

    If the file does have the ability to be processed server side (eg php) then at least one entry file (or a symlink to it) must be placed in/under the web root. Then, when accessed it can include files from anywhere on the file system (which is why we use the open_basedir directive to limit access). Colloquially these are referred to as "dynamic files".

    If you have coded your files in such a way that if accessed directly it would cause a problem, then consider rewriting them. For example, one class per file and called by/controlled by another file. Eventually you'll end up with just one file - probably your front controller - and it is this file which needs to be accessed (directly or via a symlink) from the web accessible path.

    Also remember that raw PHP code inside the PHP files IS NOT sent to the client - it is processed server side and the OUTPUT sent to the client (eg the HTML, resized image or dynamically generated CSS/JS).

    If a javascript file contains PHP code to dynamically generate the js code then treat it as if it was a PHP file - because it is a php file from the point of view of how you have configured your webserver; regardless of your file extension and content-type header. Such files fall under the dynamic category in the same way all php files do.
  24. #13
  25. Contributing User
    Thanks again guys for the explanations. Eventually we got there.
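
The layout from posts #11 and #12, as an added example that is not code from any poster in this thread: shared files live outside every web root, static assets are exposed through symlinks, and an audit flags any symlink in a web root that would make the shared PHP directly reachable by URL. All directory and file names are constructed for illustration, and it assumes a web server that follows symlinks.

```shell
#!/usr/bin/env bash
# Added example; paths and file contents are constructed for illustration.

# Create the thread's layout under $1: shared code outside the web roots,
# one public/ web root per campaign, static assets exposed via symlinks.
build_layout() {
  local base site
  base=$1
  mkdir -p "$base/include/php" "$base/include/js" "$base/include/css"
  printf '<?php class API { function Execute() {} }\n' > "$base/include/php/start.php"
  printf 'console.log("shared");\n' > "$base/include/js/form.js"
  printf 'body { margin: 0; }\n' > "$base/include/css/site.css"
  for site in site1 site2; do
    mkdir -p "$base/$site/public"
    ln -s ../../include/js  "$base/$site/public/js"
    ln -s ../../include/css "$base/$site/public/css"
    # The only PHP in the web root: a real entry file that includes the library.
    printf '<?php require __DIR__ . "/../../include/php/start.php";\n' \
      > "$base/$site/public/index.php"
  done
}

# Print "link -> target" for every symlink under web root $1 whose resolved
# target lies outside the root and is, or contains, a .php file.
audit_webroot() {
  local root link target
  root=$(realpath "$1") || return 2
  find "$root" -type l | while IFS= read -r link; do
    target=$(realpath "$link" 2>/dev/null) || continue   # skip dangling links
    case "$target" in "$root"|"$root"/*) continue ;; esac # stays inside the root
    if [ -d "$target" ]; then
      if [ -n "$(find "$target" -type f -name '*.php' -print -quit)" ]; then
        printf '%s -> %s\n' "$link" "$target"
      fi
    else
      case "$target" in *.php) printf '%s -> %s\n' "$link" "$target" ;; esac
    fi
  done
}
```

An empty result from `audit_webroot` means the only PHP a visitor can request is the entry file placed in the web root on purpose; the symlinked JS and CSS remain downloadable by design.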
