|
Forcing Users Through index.php
November 27, 2001
|
::: An Alternative Method :::
|
Some people, myself included, have experimented with placing the entire Fusebox application above the web root. That is a great way to keep people from accessing files that they should not access, since the server will not have anything publicly accessible except for an index.php file that include()s the Fusebox application. Something like this would go in your public index.php:
| |
<?php
include("../FuseRoot/index.php");
?>
|
However, I personally stay away from that solution because of the issues it raises with thing like images, CSS files, or external JavaScript files. A great thing about Fusebox is the ability to create modular "circuit applications" that you can plug into any larger application to add the functionality of that circuit to another project. On this site the "search" circuit would be really simple to pull out and drop into another application (hmm... not a bad idea: watch the downloads section for a plug-and-play search circuit app...). When you push everything above the web root, any images or JavaScript includes or other files that the browser needs to access independent of your PHP scripts have to be pulled out and dropped into the public section in order for them to function properly. Personally, I use images and CSS on my sites quite a bit, but if you do not, this might be the perfect, cross-platform solution for you.
Another option is to further leverage your web server's abilities and restrict access to only the index.php file at the server level (instead of the script level, as we did with the Application.php file). I have not experimented with this at all, but there should be a way to set Apache to only allow access to index.php, and no other files.
|
