A couple of days ago, in Sqlite Web Security, I said I didn't see how to move an SQLite database out of the web directory. I feel dumb, because the problem really was silly.
Rather than using
$_SERVER['DOCUMENT_ROOT'] . '/../sqlite.name'
you can just use a hardcoded path like so:
$_SERVER['DOCUMENT_ROOT] . '/../../path/to/db.file'
Notice the extra level of indirection. This is required when working with a subdomain. When working with a root domain, the
$_SERVER['DOCUMENT_ROOT'] . '/../path/to/sqlite.name'
As an added measure of security, move the actual Habari config.php out of the web directory, and place it in another directory, too. Create a separate config.php file in Habari's root directory, and just include the real configuration file in it:
<?php include($_SERVER['DOCUMENT_ROOT'] . '/../../path/to/config.php' ); ?>