Cannot include or require any php file in slim index.php


#1

So i’m trying to include my custom php file w/ my functions in index.php like this: require_once(custom_directory/custom_file.php);
and i’m getting bunch of errors (PHP Fatal error: require_once(): Failed opening required ‘api/custom_directory/custom_file.php’ (include_path=’.:/usr/share/php’) in /var/www/site/api/index.php on line 3)
BUT if i’m including php file from the same directory as index.php then everything is fine.
Is it possible to fix this? Maybe it’s because of my .htaccess file?

My project structure:
/var/www/site:
– api
---- vendor (slim is here)
---- composer.json
---- composer.lock
---- .htaccess
---- custom_directory -> custom_file.php
---- index.php (i’m here)

My .htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_FILENAMEf
RewriteCond %{REQUEST_FILENAMEd
RewriteRule ^ index.php [QSA,L]


#2

First, it looks as though your vendor folder is publicly accessible, which is a security risk.

I’d also note the error message doesn’t seem to match the require code you posted as the error includes an api directory, so this might not be exactly what you are after.

You might find it helpful to start your require from the current directory, so something like this in your case in the index.php.

require __DIR__ . '/custom_directory/custom_file.php';

#3

I’ve tried your suggestion and it’s helped me, thanks
Also what i need to do w/ vendor folder to remove security risks?


#4

The vendor folder shouldn’t be publicly accessible. In your structure, it looks like your web root is at /var/www/site/api, so your vendor folder should go outside that directory, perhaps as /var/www/site/vendor. Although if your web root is var/www/site and you are accessing urls like http://example.com/api then your vendor folder should be in /var/www/vendor.

In short, the only PHP file within your web root should typically be the front controller (index.php file).