I have a php website, that has to run locally on a raspberry pi.
The website contains commands that controls a hardware device.
The local URSL would look like: http://localhostname
The remote URL would look like: https://www.url.com/project
The file structure (simplified) is:
local raspberry pi: index.php
remote server: login.php and database.php
The index.php is supposed to include the database.php in order to build up the database connection and handle the data transfer.
I have two problems that I don't know how to handle.
On the one side I do not want the database php file stored locally on the rapsberry pi. This way everybody could see the credentials. On the other side I can not include the database.php file in the index.php, because it is remote and php doesn't allow that.
SESSION and COOKIE handling is a problem as well. The Login (login.php) procedure is stored on the remote server. As soon as the user logs in, SESSION and COOKIE information gets stored. Those information are valid for the remote servers URL ("/"). As soon as the navigation would go back to the local Raspberry Pi the SESSION and COOKIE wouldn't be valid anymore as the domain/hostname changed.. This way I can not check if the users login was successful. The index.php shouldn't be accessible by the user as long as the user hasn't successfully logged in.
e.g. In case of a successful login, it returns the session that I'll take about in point 2. In case of a failed login return an error. index.php then has to deal either with the session returned or the error.
e.g. on a successful login, login.php generates a random string, stores it into the database and return it back to index.php which will save it on the rasberry pi for further use