Jump to content
ethanbeyer

Using PHP include in config.php

Recommended Posts

To me, saving database credentials to a Git repository, even if that repo is private, is a big no-no. So I've been tinkering with different ways to deploy sites to production environments without saving the database credentials to the repo. I know that there is a the config-dev.php option. But that hasn't worked for me, as I will explain later.

I added this to my config.php:

 

$config->env = "dev";

if($config->env == "dev") {
	$config->dbHost = 'localhost';
	$config->dbName = 'processwire';
	$config->dbUser = 'root';
	$config->dbPass = 'root';
	$config->dbPort = '3306';
} else {
	require("./{$config->env}.config.php");
}

So if $config->env = "production", production.config.php should be loaded:

$config->dbHost = 'localhost';
$config->dbName = 'processwire-production';
$config->dbUser = 'username';
$config->dbPass = 'productionPassWord';
$config->dbPort = '3306';

I can't see anything wrong with the syntax of this at all - but for some reason, if that file is added with require() or require_once(), ProcessWire never loads. If it's loaded with include(), I get an error about the page not being found, and there being no install.php present.

So it seems like for some reason, there is no way to include a file in config.php, which confuses me immensely.

 

How my brain works

I'll try to explain my thought process behind this a little more.
I think it's a good idea for dev environments (especially those that come with a Vagrant box and a defined database already installed) to include dev-level database creds. It should just work. If someone works on this site after me, they shouldn't have to spend a ton of time getting a config file set up.

Secondly, having a config.php file and a config-dev.php file frustrates me because for the developer that comes after me, they could really use the config-dev file! But if it's in the repo, it gets deployed. If it gets deployed, it gets called on the staging/production server, and that is no good! Also, config.php and config-dev.php would in most cases pretty much completely mirror one another with the exception of database creds, and maybe debug or a few other things.

That is why I want to have all the configs in the repo within config.php except for the tiny bits that are environment-specific. They should be able to be included, right?

Share this post


Link to post
Share on other sites

include_once "creds.php" and similar do work for me. Maybe is it something about your setup?

Edited by szabesz
typo
  • Like 1

Share this post


Link to post
Share on other sites

You're right.

require_once("creds.php");		// this works
require_once("./creds.php");		// this doesn't

No idea why.

  • Like 1

Share this post


Link to post
Share on other sites
7 minutes ago, ethanbeyer said:

require_once("./creds.php"); // this doesn't

Yep, it does not. Maybe because config.php is already included? I should check it :P Anyway, because of such issues I recently switched to using __DIR__, eg:

require_once __DIR__ . '/./creds.php';

 

Edited by szabesz
typo
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Peter Knight
      Hi all
      My .htaccess file is correctly redirecting all requests to
      https:// www. That's great until I want to work locally.
      I thought I had seen a blog post by Ryan where there was a new config setting to ignore both of these if working from localhost?
      I can't find it now so wondering if I was imagining 😕
       
       
    • By Sten
      Hell,
      Although I use a config on an other of my sites that works well. An error 500 is driving me nuts.
      Coul someone have a look on my config
      server { listen 80; server_name attente.xyz; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl; server_name attente.xyz; ssl_certificate /etc/letsencrypt/live/krouus.company/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/krouus.company/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Activer le ciphers et mettre ceux autorisés (je vous laisse faire de plus amples recherches pour ça ;) ) ssl_prefer_server_ciphers on; ssl_ciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256'; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # La fameuse clé générée en dernier ssl_dhparam /etc/nginx/dhparam.pem; # Ajout d'une règle http add_header Strict-Transport-Security "max-age=31536000;"; root /var/www/attente.xyz/html; index index.php index.html index.htm; location / { # try_files $uri $uri/ /index.php?it=$uri&$args; try_files $uri /index.php$is_args$args; fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 60; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffers 4 256k; fastcgi_buffer_size 128k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; } location ~ \.php$ { #try_files $uri =404; include snippets/fastcgi-php.conf; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # .htaccess 10. fastcgi_param HTTP_MOD_REWRITE On; fastcgi_param X-Real-IP $remote_addr; fastcgi_param X-Forwarded-For $remote_addr; fastcgi_param Host $host; } location ~* \.(?:css|gif|htc|ico|js|jpe?g|png|swf|svg|ttf|eot|woff|less|pdf)$ { #expires max; log_not_found off; ## No need to bleed constant updates. Send the all shebang in one ## fell swoop. tcp_nodelay off; ## Set the OS file cache. open_file_cache max=1000 inactive=120s; open_file_cache_valid 45s; open_file_cache_min_uses 2; open_file_cache_errors off; valid_referers attente.xyz; ##ajout ProcessWire expires 24h; #log_not_found off; access_log off; try_files $uri /index.php?it=$uri&$args; } # .htaccess 8.1 charset utf-8; # .htaccess 3. location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; } # .htaccess 4. # add_header X-Frame-Options SAMEORIGIN always; # Set by ProcessWire core add_header X-XSS-Protection "1; mode=block"; # add_header X-Content-Type-Options "nosniff"; # ----------------------------------------------------------------------------------------------- # .htaccess 5. # ----------------------------------------------------------------------------------------------- # Block access to ProcessWire system files location ~ \.(inc|info|info\.json|module|sh|sql)$ { deny all; } # Block access to composer files location ~ composer\.(json|lock)$ { deny all; } # Block access to any file or directory that begins with a period (except well-known) location ~ (^|/)\.(?!well-known)|^\..*$ { deny all; } # ----------------------------------------------------------------------------------------------- # .htaccess 15. # ----------------------------------------------------------------------------------------------- # Block access to protected assets directories location ~ ^/(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) { deny all; } # Block acceess to the /site/install/ directory location ~ ^/(site|site-[^/]+)/install($|/.*$) { deny all; } # Block dirs in /site/assets/ dirs that start with a hyphen location ~ ^/(site|site-[^/]+)/assets.*/-.+/.* { deny all; } # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php location ~ ^/(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ { deny all; } # Block access to any PHP-based files in /templates-admin/ location ~ ^/(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ { deny all; } # Block access to any PHP or markup files in /site/templates/ location ~ ^/(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ { deny all; } # Block access to any PHP files in /site/assets/ location ~ ^/(site|site-[^/]+)/assets($|/|/.*\.php)$ { deny all; } # Block access to any PHP files in core or core module directories location ~ ^/wire/(core|modules)/.*\.(php|inc|tpl|module)$ { deny all; } # Block access to any PHP files in /site/modules/ location ~ ^/(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module)$ { deny all; } # Block access to any software identifying txt files location ~ ^/(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md)$ { deny all; } # Block all http access to the default/uninstalled site-default directory location ~ ^/site-default/ { deny all; } }
      Thank you for any hunch.
    • By benbyf
      I always seem to get this warning on every new install of PW on my Ubuntu 14 box with Digital Ocean. The servers are usually based in the UK and I was wondering if I should be adding something other than the below in the config? Is there a UK based locale code? Quick Google didnt come up with much.
      Warning: your server locale is undefined and may cause issues. Please add this to /site/config.php file (adjust “en_US.UTF-8” as needed): setlocale(LC_ALL,'en_US.UTF-8');
      Added to the config file:
      setlocale(LC_ALL,'en_US.UTF-8');  
    • By rushy
      I'm trying to migrate a PW site on my local dev server to a shared hosted server and have used the ProcessExportProfile module to export a profile as a zip file. So far so good. I then deploy new install of PW on the server by unzipping the PW installation files but I do not run the install until I have replaced the various site profiles with the files from the exported profile. So basically:
      In the PW install files I delete all the site-* folders except site-default. This one I overwrite with  the export profile folders so it contains my assets, install, modules and templates folders together with the exported config.php
      I then run the install in the browser in the normal way and it starts the installation and I can see my website profile in the list and I select it. It proceeds as normal and gets to setting up the database. I provide the db info. as usual and it proceeds as far the info. below and 'hangs' at this point , it never goes on to setup the PW login admin. and complete the install I am left at that screen.  
      If I relaunch the browser at the site it all seems to work! BUT I have no admin login to PW so cannot get into the backend. 
      I have basically followed the Installation, Moving and Troubleshooting guide by Joss Sanglier: http://processwire.com/docs/tutorials/installation-moving-and-troubleshooting/page4
      Any idea where I could check for an error log or some help as I am at a loss as to the problem. 
      Many thanks. Paul
      ProcessWire 3.x Installer
       Test Database and Save Configuration
       Database connection successful to pinpoin1_master
       Saved configuration to ./site/config.php
       Profile Import
       Imported database file: ./wire/core/install.sql
       Imported database file: ./site/install/install.sql
    • By modifiedcontent
      I have one central website, with membership registration and content etc., and then several related websites with their own URL/domains, each on Processwire, all on the same server.
      I would like to access the database of the central website from the sister websites. How would I do that?
      You can't bootstrap one PW installation into another. You can include template parts from one in the other by just using the server path, but whatever you try to get/post just comes/goes to the database of the site you are on.
      Could you switch databases by including the config.php from another PW installation somewhere?
      What is the correct, secure way to do this?
×
×
  • Create New...