A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because the problem really was silly.

Rather than using

$_SERVER['DOCUMENT_ROOT'] . '/../sqlite.name'

you can just use a hardcoded path like so:

'/home/user/path/to/sqlite.name'

or

$_SERVER['DOCUMENT_ROOT] . '/../../path/to/db.file'

.

Notice the extra level of indirection. This is required when working with a subdomain. When working with a root domain, the

$_SERVER['DOCUMENT_ROOT'] . '/../path/to/sqlite.name'

works.

As an added measure of security, move the actual Habari config.php out of the web directory, and place it in another directory, too. Create a separate config.php file in Habari's root directory, and just include the real configuration file in it:

<?php include($_SERVER['DOCUMENT_ROOT'] . '/../../path/to/config.php' ); ?>