Follow basic PHP Project best practices about raweb HOT 7 CLOSED

Wouldn't changing the directory of the scripts affect the emulators that use these scripts as well?

from raweb.

i'm sorry, i forgot to explicitly state that as well: on the public side, none of the addresses would be affected - it would all look the same from the outside.
if i understood correctly that is - you mean emulators interfacing with scripts on the site, e.g. by calling http://retroachievements.org/script.php, right?

from raweb.

Yeah, exactly that.

from raweb.

what the directory change implies, apart from a cleaner look, is that it will not be possible to simply call any file outside the public directory.

as soon as we start using libraries pulled in by php's dependency manager, those would go into a vendor folder. we would not want to allow anyone to call e.g. http://retroachievements.org/vendor/lib/src/script.php

another advantage is that we can move files to a private location without implementing extra security measures; like secrets in environment configurations, data storage etc - all things that are only meant to be consumed by php but should not be exposed publicly simply by calling the according address.

for example: this should not even be processed http://retroachievements.org/_db_secrets.php but merely result in a 404.

from raweb.

I'm not sure if there is something similar in PHP but in ASP.NET Core there's a concept of "user secrets". How it works is that on the command line, you specify a key/value pair and it stores the secret in a json file (secrets.json) deep in the user folder. It's cross-platform so I'm almost certain it works for Linux and Mac.

Syntax: dotnet user-secrets set <key> <value>

These would be the folders:
Windows: %APPDATA%\microsoft\UserSecrets\<userSecretsId>\secrets.json
Linux: ~/.microsoft/usersecrets/<userSecretsId>/secrets.json
Mac: ~/.microsoft/usersecrets/<userSecretsId>/secrets.json

The "userSecretsID" would be in the project file.

Secrets shouldn't really be in source control anyway. I could probably emulate it using PowerShell Core (cross-platform version of Windows PowerShell).

from raweb.

that sounds very convenient! there is a comparable way to do this in php - there's a composer package for .env files that reside in the root of the project and are gitignored. there'd be another version controlled .env.example with sensible defaults that can be copied over and adjusted for different environments. i will add this in the upcoming days.

we can have composer act as the main cli tool for the project as well or switch to one of the existing ones out there - i'm currently compiling a list of useful packages that might come in handy in the future. i'll make sure to document all of it as well in case we end up using those.

from raweb.

All done - that's awesome @ScottFromDerby !
Closing.

from raweb.