[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to include php files that are not sitting in the document root of a web site?

Posted on 2004-10-24
58
Medium Priority
?
364 Views
Last Modified: 2013-11-18
Dear all,

I have a library of php files that I would like to use in several web sites.

I thus have several directories, one for each web site, containing the different web sites files.

The directories look like this:

/home/httpd/vhosts/website1.net/httpdocs/

or like this

/home/httpd/vhosts/website2.net/httpdocs/

I would like to avoid ducplicating the library of php files in these different web sites directories.

I would prefer to keep only one copy of these library php files on the server.

The server is a dedicated server.

The library is sitting in the directory

/home/httpd/vhosts/website0.net/httpdocs/engine/lib

but it could sit anywhere on the server file system.

I tried to use ymbolic links to have the lib/ directory present in the other directories.

Also, the open_basedir in the php.ini file is empty:

;open_basedir =

But when accessing the web site I get this message:

Warning: Unknown(): open_basedir restriction in effect. File(/home/httpd/vhosts/thalasoft.net/httpdocs/engine/index.php) is not within the allowed path(s): (/home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs:/tmp) in Unknown on line 0

Warning: Unknown(/home/httpd/vhosts/thalasoft.net/httpdocs/engine/index.php): failed to open stream: Opération non permise in Unknown on line 0

Warning: (null)(): Failed opening '/home/httpd/vhosts/thalasoft.net/httpdocs/engine/index.php' for inclusion (include_path=':/home/httpd/vhosts/thalasoft.net/httpdocs/engine/setup') in Unknown on line 0


How to include php files that are not sitting in the document root of a web site?

Kind Regards
Stephane

0
Comment
Question by:stephaneeybert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 38
  • 13
  • 5
  • +2
58 Comments
 
LVL 14

Expert Comment

by:kenfcamp
ID: 12394500
using > include ("/home/httpd/vhosts/thalasoft.net/httpdocs/engine/index.php"); < should work just fine.

alternatly you could also use > include ("http://www.somesite.com/engine/index.php");

There are potential problems with either of these solutions however. "IF" the desired file to be included calls other files there is a good chance you will get errors as the files needed will be not be in the directory path of the current site.

What I woud do is create a directory that can be used by all domains if desired such as a static cgi-bin directory (ex -- engine) and place the desired and associated files/directories there.

This would allow all your domains to use the scripts if needed (http://www.somesite.com/engine/)

Good luck

0
 
LVL 5

Expert Comment

by:mrielf
ID: 12395336
Turn off safe mode in php

http://www.php.net/features.safe-mode
0
 

Author Comment

by:stephaneeybert
ID: 12395453
kenfcamp, I create the directory, I put the library files in it, but then... What should I do to use them...?

Something to note is that all my files have the following statement:

require_once("website.php");

I use for this a php include_path directive.

Thanks!
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:stephaneeybert
ID: 12395460
My safe_mode is already off.

Here is a snippet of my php.ini

; Safe Mode
;
safe_mode = Off

; By default, Safe Mode does a UID compare check when
; opening files. If you want to relax this to a GID compare,
; then turn on safe_mode_gid.
safe_mode_gid = Off

; When safe_mode is on, UID/GID checks are bypassed when
; including files from this directory and its subdirectories.
; (directory must also be in include_path or full path must
; be used when including)
safe_mode_include_dir =


Thanks
0
 

Author Comment

by:stephaneeybert
ID: 12395472
I tried this in the php.ini file:

safe_mode_include_dir = /home/httpd/vhosts/thalasoft.net/httpdocs

and restarted the Apache server.

But the error message is the same.

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12402030
An alternative would be to create a Alias for your libraries in your Apache VirtualHosts.  Add a line that looks like:

Alias /mylib /home/httpd/vhosts/website0.net/httpdocs/engine/lib

restart Apache, and then you can access the lbraries as:

mylib/filename
0
 

Author Comment

by:stephaneeybert
ID: 12402266
Should I have this line anywhere in the httpd.conf file..?

I'll try...

Thanks!

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12402307
Put it within your virtualhost.
0
 

Author Comment

by:stephaneeybert
ID: 12402542
I did this in my httpd.conf file:

Alias /engine "/home/httpd/vhosts/website0.net/httpdocs/engine"

<Directory "/home/httpd/vhosts/website0.net/httpdocs/engine">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


I also set the open_basedir variable like this for /home/httpd/vhosts/website1.net/httpdocs/

php_admin_value open_basedir "/home/httpd/vhosts/website1.net:/tmp"



The problem now is that when accessing

http://www.website1.net/index.php the browser displays a popup window and I can save the php script containing the source code.

Any clue..?

Thanks!

Stephane

0
 

Author Comment

by:stephaneeybert
ID: 12402625
Wouldn't it be better to use ScriptAlias instead..?
0
 

Author Comment

by:stephaneeybert
ID: 12402680
No, I tried ScriptAlias and it is worse.
0
 

Author Comment

by:stephaneeybert
ID: 12402726
Sorry for my ignorance. Are you talking of the virtual host tags of the website0.net web site or website1.net web site..?

Would you have an example..?

Thanks
0
 

Author Comment

by:stephaneeybert
ID: 12403168
It's funny because
http://demo.thalasoft.net/phpinfo.php
is correctly parsed and displayed.

Whereas
http://demo.thalasoft.net/index.php
pops up a dialog box to offer to save the file index.php

As a reminder the file index.php is a link:
index.php -> ../../../httpdocs/index.php

Is it the reason fot the no parsing...?

0
 

Author Comment

by:stephaneeybert
ID: 12403317
I did some testing, and the files are correctly parsed if the link sits in the same document root than its target.

Otherwise the target php script file is offered for download instead of being parsed.

0
 

Author Comment

by:stephaneeybert
ID: 12403622
If the index.php file points to a whoami.php file

lrwxrwxrwx  1 thalasoft psacln   28 oct 25 21:05 index.php -> ../../../httpdocs/whoami.php

then the result if fine:

HOSTNAME demo.website0.net
DOCUMENT_ROOT /home/httpd/vhosts/website0.net/subdomains/demo/httpdocs
PHP_SELF /index.php

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12404225
I meant within the <VirtualHost> container.

I wouldn't use the relative paths of ../../../ because if you relocate any of the directories, everything can easily be thrown off.  

You definitely don't want ScriptAlias.  You want Alias, because that is saying 'pretend that this directory is available, relative from the DocumentRoot of this VirtualHost.

An example:


<VirtualHost xxx.xxx.xxx.xxx:80>
     ServerName www.website1.net
     ServerAlias website1.net
     Alias /mylib /home/httpd/vhosts/website0.net/httpdocs/engine/lib
     DocumentRoot /home/httpd/vhosts/website1.net/httpdocs/
     <Directory /home/httpd/vhosts/website1.net/httpdocs/>
          Options Includes FollowSymLinks
          AllowOverride All
          order allow,deny
          allow from all
     </Directory>
     <Directory /home/httpd/vhosts/website1.net/httpdocs/cgi-bin>
          Options FollowSymLinks Includes
          order allow,deny
          allow from all
          <Limit GET POST>
               order allow,deny
               allow from all
          </Limit>
     </Directory>
     ScriptAlias /cgi-bin/ /home/httpd/vhosts/website1.net/httpdocs/cgi-bin/
</VirtualHost>


0
 

Author Comment

by:stephaneeybert
ID: 12405209
Here is my Virtual Host:


VirtualHost 62.193.225.224:80>
        ServerName   demo.thalasoft.net:80                                                        ServerAdmin  "mittiprovence@yahoo.se"                                                     DocumentRoot /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs                    CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined           ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log                     <IfModule mod_ssl.c>                                                                              SSLEngine off                                                                     </IfModule>                                                                               <Directory  /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs>                    <IfModule sapi_apache2.c>                                                                         php_admin_flag engine on                                                                  php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net:/tmp"              </IfModule>                                                                                       Options FollowSymLinks Includes -ExecCGI                                                  AllowOverride All                                                                         order allow,deny                                                                          allow from all                                                                    </Directory>

<Directory /home/httpd/vhosts/thalasoft.net/httpdocs/cgi-bin>                                       Options FollowSymLinks Includes                                                           order allow,deny                                                                          allow from all                                                                            <Limit GET POST>                                                                               order allow,deny                                                                          allow from all                                                                       </Limit>
     </Directory>
     ScriptAlias /cgi-bin/ /home/httpd/vhosts/thalasoft.net/httpdocs/cgi-bin/

</VirtualHost>

But the request http://demo.thalasoft.net/index.php displays a popup window
instead of parsing the index.php file...

0
 

Author Comment

by:stephaneeybert
ID: 12405234
The popup window no parsing issue occurs only with sym links.
0
 

Author Comment

by:stephaneeybert
ID: 12405252
And only when the link target sits in another document root
0
 

Author Comment

by:stephaneeybert
ID: 12405285
Here is my vhost
<VirtualHost 62.193.225.224:80>
        ServerName   thalasoft.net:80
        ServerAlias  www.thalasoft.net
        UseCanonicalName Off
        ServerAdmin  "mittiprovence@yahoo.se"
        DocumentRoot /home/httpd/vhosts/thalasoft.net/httpdocs
        CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined
        ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log
<IfModule mod_userdir.c>
        UserDir /home/httpd/vhosts/thalasoft.net/web_users
</IfModule>
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory /home/httpd/vhosts/thalasoft.net/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net/httpdocs:/tmp"
        </IfModule>
                Options -Includes -ExecCGI
        </Directory>
</VirtualHost>
<VirtualHost 62.193.225.224:80>
        ServerName   demo.thalasoft.net:80
        ServerAdmin  "mittiprovence@yahoo.se"
        DocumentRoot /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs
        CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined
        ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory  /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net:/tmp"
        </IfModule>
                Options -Includes -ExecCGI
        </Directory>
</VirtualHost>

The web site demo.thalasoft.net uses some library files that sit in the web site thalasoft.net

[root@wpc0797 httpdocs]# ll
total 8
drwxr-xr-x  4 thalasoft psacln 4096 oct 22 09:12 account
lrwxrwxrwx  1 thalasoft psacln   27 oct 25 21:13 admin.php -> ../../../httpdocs/admin.php
lrwxrwxrwx  1 thalasoft psacln   27 oct 25 21:11 index.php -> ../../../httpdocs/index.php
-rwxrwxrwx  1 thalasoft psacln   29 oct 22 09:31 phpinfo.php
lrwxrwxrwx  1 thalasoft psacln   28 oct 25 21:04 whoami.php -> ../../../httpdocs/whoami.php

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12405344
What I would suggest is to move (or copy) admin.php, index.php, and whoami.php in a directory called lib, i.e.:

/home/httpd/vhosts/thalasoft.net/httpdocs/lib

Then, you could modify the VirtualHost for the demo.thalasoft.net as follows:

<VirtualHost 62.193.225.224:80>
        ServerName   demo.thalasoft.net:80
        ServerAdmin  "mittiprovence@yahoo.se"
        DocumentRoot /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs
        CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined
        ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log
        Alias /mylib /home/httpd/vhosts/thalasoft.net/httpdocs/lib
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory  /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net:/tmp"
        </IfModule>
                Options -Includes -ExecCGI
        </Directory>
</VirtualHost>

restart the server (necessary to reload the httpd.conf file).

Then, refer to the files as /mylib/admin.php, /mylib/index.php, and /mylib/whoami.php .
0
 

Author Comment

by:stephaneeybert
ID: 12405608
I added the line

Alias /mylib /home/httpd/vhosts/thalasoft.net/httpdocs/engine

to the file.

But I still get a popup window offering to download the php file...

The script is found only it is not parsed...

0
 

Author Comment

by:stephaneeybert
ID: 12405629
But calling this file

lrwxrwxrwx  1 thalasoft psacln   52 oct 26 00:15 whoami.php -> /home/httpd/vhosts/thalasoft.net/httpdocs/whoami.php

with http://demo.thalasoft.net/whoami.php

works fine, the php script is parsed.

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12405645
After adding the Alias, how are you referring to the script?
0
 

Author Comment

by:stephaneeybert
ID: 12405654
This poses the same problem:

lrwxrwxrwx  1 thalasoft psacln   58 oct 26 00:18 whoami.php -> /home/httpd/vhosts/thalasoft.net/httpdocs/engine/index.php

http://demo.thalasoft.net/whoami.php


0
 

Author Comment

by:stephaneeybert
ID: 12405669
But this works fine:

lrwxrwxrwx  1 thalasoft psacln   59 oct 26 00:20 whoami.php -> /home/httpd/vhosts/thalasoft.net/httpdocs/engine/whoami.php

with http://demo.thalasoft.net/whoami.php

0
 

Author Comment

by:stephaneeybert
ID: 12405696
It is the content of index.php that poses problem.

Here it is:

<?php

require_once("website.php");

require_once($gFlashPath . "displayIntro.php");

?>
0
 

Author Comment

by:stephaneeybert
ID: 12405702
My include_path in phpµ.ini

include_path = ":/home/httpd/vhosts/thalasoft.net/httpdocs/engine/setup"

And the content of setup/

[root@wpc0797 engine]# ll setup/
total 32
-rw-r--r--  1 thalasoft psacln  790 oct 22 09:21 database.php
-rw-r--r--  1 thalasoft psacln  433 oct 14 15:48 env.php
-rw-r--r--  1 thalasoft psacln  514 oct 14 16:10 host.php
-rw-r--r--  1 thalasoft psacln  686 oct 14 15:48 library.php
-rw-r--r--  1 thalasoft psacln 4366 oct 21 13:35 path.php
-rw-r--r--  1 thalasoft psacln 1161 oct 14 16:24 system.php
-rw-r--r--  1 thalasoft psacln  539 oct 14 16:17 website.php
0
 

Author Comment

by:stephaneeybert
ID: 12405755
I call the script like this:

http://demo.thalasoft.net/index.php
0
 

Author Comment

by:stephaneeybert
ID: 12405759
I'm off to bed, it's late here in south of France.

Thanks!

0
 
LVL 5

Expert Comment

by:mrielf
ID: 12410142
Stephan!
The alias thing isn't working because the php script isn't interpreted in apache.
If safe mode is off, then you can specify scripts out of basedir.
Specify exact location of the script witch you want to include.
If it isn't works for you, then might be there other things  like php/apache runs in jail etc...
0
 

Author Comment

by:stephaneeybert
ID: 12410363

My safe mode is off.

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12410430
As website.php is in the mylib aliased directory, you then have to specify that path after setting up the alias:


<?php

require_once("mylib/website.php");

require_once($gFlashPath . "displayIntro.php");

?>

0
 

Author Comment

by:stephaneeybert
ID: 12411229
Hi mrielf ,

Here is my engine/ library /home/httpd/vhosts/thalasoft.net/httpdocs/engine

and the setup is:

<Directory "/home/httpd/vhosts/thalasoft.net/httpdocs/engine">
    Options -Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

0
 

Author Comment

by:stephaneeybert
ID: 12411256
This http://www.thalasoft.net/engine/ajeter.php is parsed fine.

This http://demo.thalasoft.net/engine/ajeter.php displays a download popup.

And the file is sitting in

/home/httpd/vhosts/thalasoft.net/httpdocs/engine/ajeter.php

and contains

<?PHP

print("Parsed!");

?>

Any clue?

0
 

Author Comment

by:stephaneeybert
ID: 12411295
Sorry but I need to clear things up here..

periwinkle, is it true as mrielf is saying that :
The alias thing isn't working because the php script isn't interpreted in apache ?

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12411428
Stephanie -

I think that the alias thing is a separate issue from the PHP being interpretted.

If PHP isn't being interpretted, it sounds like perhaps safe-mode IS set on in some manner, or that other security checks are causing the issue as mrielf has indicated.

Have you looked through the safe_mode configuration directives here:

http://us2.php.net/features.safe-mode

and compared to those in your php.ini to see if there is something there that is preventing the php from outside your directory from working properly?
0
 

Author Comment

by:stephaneeybert
ID: 12411635
I think also that the Alias is another issue.

I will check again my safe mode setup.

In my php.ini I currently have:

safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
open_basedir = /home/httpd/vhosts/



0
 

Author Comment

by:stephaneeybert
ID: 12411677
My safe mode seen through phpinfo()

safe_mode      Off      Off
safe_mode_exec_dir      no value      no value
safe_mode_gid      Off      Off
safe_mode_include_dir      no value      no value
0
 

Author Comment

by:stephaneeybert
ID: 12411725
I also have this setup sitting in the file /home/httpd/vhosts/thalasoft.net/conf/httpd.include

<VirtualHost 62.193.225.224:80>
        ServerName   thalasoft.net:80
        ServerAlias  www.thalasoft.net
        UseCanonicalName Off
        ServerAdmin  "mittiprovence@yahoo.se"
        DocumentRoot /home/httpd/vhosts/thalasoft.net/httpdocs
        CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined
        ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log
<IfModule mod_userdir.c>
        UserDir /home/httpd/vhosts/thalasoft.net/web_users
</IfModule>
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory /home/httpd/vhosts/thalasoft.net/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net:/tmp"
        </IfModule>
        Options -Includes -ExecCGI
        </Directory>
</VirtualHost>

<VirtualHost 62.193.225.224:80>
        ServerName   demo.thalasoft.net:80
        ServerAdmin  "mittiprovence@yahoo.se"
        DocumentRoot /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs
        CustomLog  /home/httpd/vhosts/thalasoft.net/statistics/logs/access_log combined
        ErrorLog   /home/httpd/vhosts/thalasoft.net/statistics/logs/error_log
        Alias /engine /home/httpd/vhosts/thalasoft.net/httpdocs/engine
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory  /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs>
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_value open_basedir "/home/httpd/vhosts/thalasoft.net:/tmp"
        </IfModule>
                Options -Includes -ExecCGI
        </Directory>
</VirtualHost>
0
 

Author Comment

by:stephaneeybert
ID: 12411853
You may note that I never saw this message seen on your page http://us2.php.net/features.safe-mode :

Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not
allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2

Not once!

So it might not be a safe mode issue after all...


0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12411867
Have you set an open_basedir by any chance?
0
 

Author Comment

by:stephaneeybert
ID: 12411893
The script

http://www.thalasoft.net/engine/safe_mode.php

containing

<?php

// Check for safe mode
if( ini_get('safe_mode') ){
  print("Safe mode is ON");
  }else{
  print("Safe mode is OFF");
  }

?>

displays

Safe mode is OFF

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12411948
I see your point... have you checked the error_log?

According to here:

http://us2.php.net/manual/en/function.require.php

require should result in a fatal error, whereas include should continue even if it can't execute.  What happens when you use include?

Have you tried setting the return value to a variable and printing that out?

see: http://us2.php.net/manual/en/function.include.php

0
 
LVL 5

Expert Comment

by:mrielf
ID: 12412075
Here is a part from my httpd.conf:

<VirtualHost xxx.xxx.xxx.xxx>
    ServerAdmin webmaster@xxxxxxxxxxx
    DocumentRoot /usr/share/web
    ServerName teszt
    alias /mr/ /var/www/mr/
    ErrorLog /var/log/apache/avivanet.hu-error.log
    CustomLog /var/log/apache/avivanet.hu-access.log common
</VirtualHost>

a part from php.ini:

safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =        
safe_mode_exec_dir =

safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH

;open_basedir =

disable_functions =
disable_classes =

;include_path = ".:/usr/share/pear"


This index.php is sitting in /var/www/mr :

<?php
require_once("/mylib/include.php");
?>

This included file (include.php) is sitting in /mylib

<?php
echo "hello";
?>


when i requesting http://server/mr/index.php it displays "hello" (The include was sucessfull)

So, the "/mylib" isn't  noticet on another place that in the index.php and it works...
You need nothing, if the Safe Mode is off...

0
 

Author Comment

by:stephaneeybert
ID: 12412165
Thanks to you all.

But in my example, there are no include statements...

This http://www.thalasoft.net/engine/ajeter.php is parsed fine.

This http://demo.thalasoft.net/engine/ajeter.php displays a download popup.

And the file is sitting in

/home/httpd/vhosts/thalasoft.net/httpdocs/engine/ajeter.php

and contains

<?PHP

print("Parsed!");

?>

0
 

Author Comment

by:stephaneeybert
ID: 12412192
And now I have an open_basedir restriction in effect.

That is because Plesk overwrites my conf/httpd.include file and sets anew the open_basedir variable.

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12412274
Ahah!  That's the problem.

From http://us2.php.net/features.safe-mode :

open_basedir  string

    Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

    When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

(...)

 In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".

This also contains a link to here:

http://us2.php.net/manual/en/configuration.changes.php#configuration.changes.apache

which shows how to place these directives.

0
 
LVL 5

Expert Comment

by:mrielf
ID: 12412317
Sorry I very misunderstood You...

Of course you must use "alias" in this situation, but it looks like the problem exist at Virtual Host part...

One moment I investigate it...
0
 
LVL 5

Expert Comment

by:mrielf
ID: 12412505
I think periwinkle got the answer...

Sorry for bad information from me... :) I totaly misunderstood your problem...

0
 

Expert Comment

by:mogrify
ID: 12495223
Although this might be a moot point after so many determined efforts to solve this, you might be able to achieve the same effect by bind-mounting the directory with the scripts in it it to the appropriate directories in the other hosts, like this:

mount --bind /home/httpd/vhosts/website0.net/httpdocs/engine/lib /home/httpd/vhosts/website1.net/httpdocs/engine/lib

and so on... the result is that the new directories are truly part of the filesystem and not outside the allowed directory tree.  I haven't tested this with php but I use it to make my web directory (/var/www/localhost/htdocs) accessible from my home folder when I log in via FTP (which also doesn't follow symlinks and the like).  Of course you need root access and kernel>=2.4.  For more info do `man mount`.
0
 

Author Comment

by:stephaneeybert
ID: 12495914
I found out how to do it.

In the conf/ directory of the virtual host, create a file vhost.conf containing:

<Directory /home/httpd/vhosts/thalasoft.net/httpdocs>
php_admin_value open_basedir none
</Directory>

Then run the command:

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=mywebsite.com

Then restart Apache.

And it works fine!

I would like to do the same thing for a sub domain this time (instead of a domain).

Any idea..?

Cheers

Stephane
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12496508
Stephanie -

Congrats on the solution to your original problem!

You can set up a subdomain the same way that you set up a domain -- through a virtualhost:

<VirtualHost xxx.xxx.xxx.xxx:80>
        ServerName   mysubdomain.thalasoft.net:80
        DocumentRoot /home/httpd/vhosts/thalasoft.net/subdomains/mysubdomain/httpdocs

       (...)

        <Directory  /home/httpd/vhosts/thalasoft.net/subdomains/mysubdomain/httpdocs>
         php_admin_value open_basedir none
        </Directory>
</VirtualHost>


Then run the command:

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=mysubdomain.mywebsite.com

and restart Apache.

... should work just the same!

0
 

Author Comment

by:stephaneeybert
ID: 12496682
The setup cannot be placed inside the <VirtualHost> tags as they are generated by Plesk.

Each time Plesk 7 is restarted, it recreates the http.include file for each domain.

Therefore the use of the vhost.conf files.

I'll try your suggestion though.

Back to you soon!
0
 

Author Comment

by:stephaneeybert
ID: 12496734
I added this:

<Directory /home/httpd/vhosts/thalasoft.net/subdomains/demo/httpdocs>
php_admin_value open_basedir /home/httpd/vhosts
</Directory>

in the vhost.conf file of the domain name.

And ran the command:

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=mysubdomain.mywebsite.com

and restarted Apache.

But the open_basedir was not modified at all.

Thanks for the effort!

Stephane
0
 
LVL 15

Accepted Solution

by:
periwinkle earned 800 total points
ID: 12496974
hmmm - I'm not familiar with how to get around Plesk - sorry!  I do my configurations by hand :)
0
 

Author Comment

by:stephaneeybert
ID: 12498271
No worries! Thanks for your support!
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 12499596
Stephanie -

You're very kind - I'm glad that you problem has been solved, and hope you can quickly get beyond the Plesk issue as well.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question