Solved

A PHP file is being included from somewhere other than my application folder. How can I find it?

Posted on 2014-02-12
6
450 Views
Last Modified: 2014-02-13
I'm trying to maintain a legacy application which has a real mess of calls like
include_once("config.php");

Open in new window

The trouble is that a config.php file is being loaded from somewhere outside of my application folder, and returning an error, and exiting. This will be because PHP has a path setting allowing it to pick up files from somewhere else if they aren't found locally.

Is there a log of which files are being loaded when my application is running, or some other way of tracking down the location of that file?

Thanks
0
Comment
Question by:Terry Woods
6 Comments
 
LVL 27

Assisted Solution

by:yodercm
yodercm earned 50 total points
ID: 39855319
There is a very nice little tool here:

http://12g.com/ghosts/replace.htm

which will search an entire folder and subfolders for any given string.  Just use it on your high-level folder of the code, searching for "include" and for "require", or if you are sure of the name, search for "config.php".
0
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 133 total points
ID: 39855338
Notepad++ has the same ability, and supports regular expressions.
So does WinGrep...

@TerryAtOpus: What does the  "include_path" say?

HTH,
Dan
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 134 total points
ID: 39855413
'phpinfo()' will tell you what the 'include_path' is.   http://us2.php.net/manual/en/function.phpinfo.php
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 9

Assisted Solution

by:rinfo
rinfo earned 133 total points
ID: 39855555
php info will only tell what include_path is and will search that directory for the include which does not have a path.
As its not being able to find required file, and include does not mention any path, it is
evident that , if at all application was running ok earlier in some other location, config.php
some how is missing. Best way to check by  creating  a dummy config file have  in root directory , it will certainly fail on not being found config entries but you will be assured that
file is missing and you have to reconstruct it.
0
 
LVL 42

Assisted Solution

by:Chris Stanyon
Chris Stanyon earned 50 total points
ID: 39855746
Have a look at your Apache error logs. It will show you in there where the file is being loaded from, and should also show your include path it's trying to use.
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 0 total points
ID: 39857699
Ok, so the situation went something like this:
File A.php in folder X is the main file for running the app.
File B.php in folder X/Y is used by file A.php with a require_once("Y/B.php") call
File C.php in folder X/Y is used by file B.php with a require_once("C.php") call
File D.php in folder X/Z is called directly, and also requires file B.php. Unfortunately, when file B.php does its require_once("C.php") call, PHP is looking in folder X/Z for C.php but it's actually in folder X/Y

Normally, you'd just get a file not found error, but in my case the file was being found elsewhere on the server.

The solution is described here:
http://yagudaev.com/posts/resolving-php-relative-path-problem/

The require_once calls should include the path of the file currently running, which is obtained like this:
require_once(dirname(__FILE__)."/C.php");

This fixed the issue, without needing to find the file that was being loaded.

I can confirm however that I did find the file being loaded unintentionally in a different folder that was defined in the include_path value as shown by phpinfo(). Thanks all for your help!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now