24. Application Exercise – Version 13

Version 13 brings few changes: it secures access to the application’s files.

With version 12, you can request the following URL [http://localhost/php7/scripts-web/impots/version-12/config.json]. You then get the following page (Firefox):

Image

However, this file [config.json] contains sensitive information such as the credentials of users authorized to use the application. It must not be accessible to users. The same applies to all application files except for the files [main.php, index.php, Views/logo.jpg], which must be accessible from the outside. This is because the views need HTTP access to the application logo. Version 13 provides a simple solution to this problem.

In NetBeans, we copy and paste the [version-12] folder into [version-13]:

Image

  • in [1], in the application’s root folder, we leave only the scripts [index.php, main.php];
  • in [2], the configuration files are placed in a [Config] folder;
  • in [3], the image [logo.jpg] is placed in a [Resources] folder.

The HTTP server used here is Apache, which lets us control access to a folder with an [.htaccess] file. In every folder where we want to prevent direct access via URL, we create the following [.htaccess] file:

Image

These two lines prevent anyone from accessing the folder through a URL; the application's own PHP scripts still read its files from disk.

We place this file in all application folders except the root folder and the [Resources] folder. Ultimately, only three files are accessible from the outside: [index.php, main.php, Resources/logo.jpg].
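The following audit script is an added example, not code from the original tutorial: it checks a deployment tree against the layout described above and lists anything a URL could still reach. It assumes the deny rule is written as `Require all denied` (Apache 2.4) or `Deny from all` (Apache 2.2), since the two lines are not reproduced in this text; the `Logs` folder and the sample tree are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Deny-all directives: Apache 2.4 form and the older 2.2 form (assumed, see lead-in).
DENY_ALL = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\s*$", re.I | re.M)
PUBLIC_FILES = {"index.php", "main.php"}   # root scripts the page keeps reachable
PUBLIC_DIRS = {"Resources"}                # folder the page keeps reachable

def denies_all(folder: Path) -> bool:
    """True if the folder's own .htaccess contains an uncommented deny-all directive."""
    f = folder / ".htaccess"
    return f.is_file() and bool(DENY_ALL.search(f.read_text(errors="replace")))

def audit(root: Path) -> list[str]:
    """List paths under root that a URL could reach although the layout keeps them private."""
    # Any root-level file other than the two entry scripts is exposed (Apache hides .ht* itself).
    findings = [p.name for p in sorted(root.iterdir())
                if p.is_file() and p.name not in PUBLIC_FILES and not p.name.startswith(".ht")]

    def walk(folder: Path) -> None:
        for child in sorted(p for p in folder.iterdir() if p.is_dir()):
            if folder == root and child.name in PUBLIC_DIRS:
                continue                   # intentionally public
            if denies_all(child):
                continue                   # subfolders inherit the denial unless one re-grants access
            findings.append(child.relative_to(root).as_posix() + "/")
            walk(child)

    walk(root)
    return findings

def build_sample(root: Path) -> None:
    """Constructed tree: Views/ lacks an .htaccess and config.json was left in the root."""
    for rel, body in {
        "index.php": "<?php", "main.php": "<?php", "config.json": "{}",
        "Config/.htaccess": "Require all denied\n", "Config/config.json": "{}",
        "Logs/.htaccess": "Order deny,allow\nDeny from all\n", "Logs/Old/app.log": "",
        "Resources/logo.jpg": "", "Views/v-banner.php": "<?php",
    }.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(audit(Path(tmp)))
```

Apache only honors an [.htaccess] file when the server's `AllowOverride` setting permits it, so a clean audit should still be confirmed by requesting a protected URL and checking that the server refuses it.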

Let’s run a few tests:

Image

Image

Image

Image

Image

A few changes need to be made to the code:

In the [Config/config.json] file:

Image

In the [main.php] file:

Image

In the [Views/v-banner.php] file:

Image