I'm getting this error on an avatar upload on my site. I've never gotten it before and nothing was changed recently for me to begin getting this error...
Warning: is_writable() [function.is-writable]:
open_basedir restriction in effect.
File(/) is not within the allowed path(s):
Modify the open_basedir settings in your hosting account and set them to none. Find the open_basedir setting given under 'PHP Settings' area of your Plesk/cPanel. Set it to 'none' from the dropdown given there.
I have shown them in the Plesk panel picture.
To resolve this error, you must edit the file httpd.conf.
Way before it can be seen in phpinfo in apache2handler section directive Server Root.
For example, in my case this way - / etc / httpd / httpd.conf.
Open the file httpd.conf, find the mention of the parameter open_basedir. And set it to none. (php_admin_value open_basedir none)
If you're running this with php file.php. You need to edit php.ini
Find this file:
: locate php.ini
/etc/php/php.ini
And append file's path to open_basedir property:
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/:/run/media/andrew/ext4/protected
For me the problem was bad/missing config values for the Plesk server running the whole thing.
I just followed the directions here:
http://davidseah.com/blog/2007/04/separate-php-error-logs-for-multiple-domains-with-plesk/
You can configure PHP to have a separate error log file for each VirtualHost definition. The trick is knowing exactly how to set it up, because you can’t touch the configuration directly without breaking Plesk.
Every domain name on your (dv) has its own directory in /var/www/vhosts. A typical directory has the following top level directories:
cgi-bin/
conf/
error_docs/
httpdocs/
httpsdocs/
...and so on
You’ll want to create a vhost.conf file in the domain directory’s conf/ folder with the following lines:
php_value error_log /path/to/error_log
php_flag display_errors off
php_value error_reporting 6143
php_flag log_errors on
Change the first value to match your actual installation (I used /tmp/phperrors.log). After you’re done editing the vhost.conf file, test the configuration from the console with:
apachectl configtest
…or if you don’t have apachectl (as Plesk 8.6 doesn’t seem to)…
/etc/init.d/httpd configtest
And finally tell Plesk that you’ve made this change.
/usr/local/psa/admin/bin/websrvmng -a
Laravel
If you have this problem when using Laravel.
Only go to folder bootstrap/cache and rename config.php to anything you want and reload site.
If used ispconfig3:
Go to Website section -> Options -> PHP open_basedir:
In this field has described allowed paths and each path is separated
with ":"
/var/www/clients/client2/web3/image:/var/www/clients/client2/web3/web:/var/www/...
and so on
So here must put the path that you want to have access, in my case is:
/var/www/clients/client2/web3/image:
The problem appears because:
When a script tries to access the filesystem, for example using include, or fopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to access it.
The path you're refering to is incorect, and not withing the directoryRoot of your workspace. Try building an absolute path the the file you want to access, where you are now probably using a relative path...
if you have this kind of problem with ispconfig3 and got an error like this
open_basedir restriction in effect.
File(/var/www/clients/client7/web15) is not within the allowed
path(s):.........
To solve it (in my case) , just set PHP to SuPHP in the Website's panel of ispconfig3
Hope it helps someone :)
I had this problem # one of my wordpress sites after updating and/or moving :)
Check in database table 'wp_options' the 'upload_path' and edit it properly...
For Plesk, you can change or set the openbase dir settings via the panel
https://support.plesk.com/hc/en-us/articles/360006170513-How-to-add-custom-or-additional-path-to-the-open-basedir-option-for-Plesk-domain-
Edit the php.ini or .user.ini that is located within the main directory
open_basedir = none
If you are running a PHP IIS stack and have this error, it is usually a quick permission fix.
If you administer the windows server yourself and have access, try this FIRST:
Navigate to the folder that is giving you grief on writing to and right click it > open properties > security.
See what users have access to the folder, which ones have read only and which have full. Do you have a group that is blocking write?
The fix will be specific to your IIS setup, are you using Anonymous Authentication with specific user IUSR or with the Application Pool identity?
At any rate, you are going to end up adding a new full write permission for one of IUSR, IIS_IUSRS, or your application pool identity - like I said, this is going to vary depending on your setup and how you want to do it, you can go down the google rabbit hole on this one (one such post - IIS_IUSRS and IUSR permissions in IIS8) For me, i use anon with my app pool identity so i can get away with MACHINE_NAME\IIS_IUSRS with full read/write on any temp or upload folders.
I do not need to add anything extra to my open_basedir = in the php.ini.
In addition to #yogihosting's answer, if you are using DirectAdmin, then follow these steps:
Go to the DirectAdmin's login page. Usually, its port is 2222.
Login as administrator. Its username is admin by default.
From the "Access Level" on the right panel, make sure you are on "Admin Level". If not, change to it.
From the "Extra Features" section, click on "Custom HTTPD Configurations".
Choose the domain you want to change.
Enter the configurations you want to change in the textarea at the top of the page. You should consider the existing configuration file and modify values based on it. For example, if you see that open_basedir is set inside a <Directory>, maybe you should surround your change in the related <Directory> tag:
<Directory "/path/to/directory">
php_admin_value open_basedir none
</Directory>
After making necessary changes, click on the "Save" button.
You should now see your changes saved to the configuration file if they were valid.
There is another way of editing the configuration file, however:
Caution: Be careful, and use the following steps at your own risk, as you may run into errors, or it may lead to downtime. The recommended way is the previous one, as it prevents you from modifying configuration file improperly and show you the error.
Login to your server as root.
Go to /usr/local/directadmin/data/users. From the listed users, go to one related to the domain you want to change.
Here, there is an httpd.conf file. Make a backup from it:
cp httpd.conf httpd.conf.back
Now edit the configuration file with your editor of choice. For example, edit existing open_basedir to none. Do not try to remove things, or you may experience downtime. Save the file after editing.
Restart the Apache web server using one of the following ways (use sudo if needed):
httpd -k graceful
apachectl -k graceful
apache2 -k graceful
If your encounter any errors, then replace the main configuration file with the backed-up file, and restart the web server.
Again, the first solution is the preferred one, and you should not try the second method at the first time. As it is noted in the caution, the advantage of the first way is that it prevents saving your bad-configured stuff.
Hope it helps!
I am using an Apache vhost-File to run PHP with application-specific ini-options on my windows-server. Therefore I use the -d option of the php-command.
I am setting the open_basedir for every application as one of these options.
I needed to set multiple urls as open_basedir, including an UNC-Path, and the syntax for this case was a bit hard to find. You have to seperate the paths with semicolons and if your first path starts with a driveletter you might have to start the list with a semicolon too. At least that's what works for me.
Example:
php.exe -d open_basedir=;d:/www/applicationRoot;//internal.unc.path/ressource/
I uploaded my codeigniter project on Directadmin panel. I was getting same error.
Then I change in php settings.
open_basedir =
session.save_path = ./temp/
Then it worked for me.
As most do not find a solution, the solutions are broad for WordPress most even don't know fully why things are they are.
I've found out you will have to enable IP for your server in especially when using Cerber in some cases it can think you are not uploading .png instead you are uploading .js files.
The server IP needs to be whitelisted. Even the uploaders in some rare cases.
A great to know is to have a tmp folder 755 in your base directory, you actually do not need a folder called tmp.: "Also remember / properly inedited as below:
open_basedir = "/home/user/site.com/:/tmp"
upload_tmp_dir = /home/user/site.com/tmp
The best option for quick setup is in Cpanel where you use the MultiPHP INI Editor you can actually save and both .htaccess and php.ini will be updated as well as settings being initiated at the same time on site.
It's NOT recommended to have basedir as "none" since you are enabling root files that can be edited with just a single file editor in WordPress. If that truly is possible.
Check \httpdocs\bootstrap\cache\config.php file in plesk to see if there are some unwanted paths.
Just search
open_basedir =
in php.ini and disable it. That's the simplest solution to solve this issue.
Before Changes open_basedir =
After Changes ;open_basedir =
P.s - After changes don't forget to restart your server.
Enjoy ;)
Modify the open_basedir settings in your PHP configuration (See Runtime Configuration).
The open_basedir setting is primarily used to prevent PHP scripts for a particular user from accessing files in another user's account. So usually, any files in your own account should be readable by your own scripts.
Example settings via .htaccess if PHP runs as Apache module on a Linux system:
<DirectoryMatch "/home/sites/site81/">
php_admin_value open_basedir "/home/sites/site81/:/tmp/:/"
</DirectoryMatch>
Related
In PHP scripts, whether calling include(), require(), fopen(), or their derivatives such as include_once, require_once, or even, move_uploaded_file(), one often runs into an error or warning:
Failed to open stream : No such file or directory.
What is a good process to quickly find the root cause of the problem?
There are many reasons why one might run into this error and thus a good checklist of what to check first helps considerably.
Let's consider that we are troubleshooting the following line:
require "/path/to/file"
Checklist
1. Check the file path for typos
either check manually (by visually checking the path)
or move whatever is called by require* or include* to its own variable, echo it, copy it, and try accessing it from a terminal:
$path = "/path/to/file";
echo "Path : $path";
require "$path";
Then, in a terminal:
cat <file path pasted>
2. Check that the file path is correct regarding relative vs absolute path considerations
if it is starting by a forward slash "/" then it is not referring to the root of your website's folder (the document root), but to the root of your server.
for example, your website's directory might be /users/tony/htdocs
if it is not starting by a forward slash then it is either relying on the include path (see below) or the path is relative. If it is relative, then PHP will calculate relatively to the path of the current working directory.
thus, not relative to the path of your web site's root, or to the file where you are typing
for that reason, always use absolute file paths
Best practices :
In order to make your script robust in case you move things around, while still generating an absolute path at runtime, you have 2 options :
use require __DIR__ . "/relative/path/from/current/file". The __DIR__ magic constant returns the directory of the current file.
define a SITE_ROOT constant yourself :
at the root of your web site's directory, create a file, e.g. config.php
in config.php, write
define('SITE_ROOT', __DIR__);
in every file where you want to reference the site root folder, include config.php, and then use the SITE_ROOT constant wherever you like :
require_once __DIR__."/../config.php";
...
require_once SITE_ROOT."/other/file.php";
These 2 practices also make your application more portable because it does not rely on ini settings like the include path.
3. Check your include path
Another way to include files, neither relatively nor purely absolutely, is to rely on the include path. This is often the case for libraries or frameworks such as the Zend framework.
Such an inclusion will look like this :
include "Zend/Mail/Protocol/Imap.php"
In that case, you will want to make sure that the folder where "Zend" is, is part of the include path.
You can check the include path with :
echo get_include_path();
You can add a folder to it with :
set_include_path(get_include_path().":"."/path/to/new/folder");
4. Check that your server has access to that file
It might be that all together, the user running the server process (Apache or PHP) simply doesn't have permission to read from or write to that file.
To check under what user the server is running you can use posix_getpwuid :
$user = posix_getpwuid(posix_geteuid());
var_dump($user);
To find out the permissions on the file, type the following command in the terminal:
ls -l <path/to/file>
and look at permission symbolic notation
5. Check PHP settings
If none of the above worked, then the issue is probably that some PHP settings forbid it to access that file.
Three settings could be relevant :
open_basedir
If this is set PHP won't be able to access any file outside of the specified directory (not even through a symbolic link).
However, the default behavior is for it not to be set in which case there is no restriction
This can be checked by either calling phpinfo() or by using ini_get("open_basedir")
You can change the setting either by editing your php.ini file or your httpd.conf file
safe mode
if this is turned on restrictions might apply. However, this has been removed in PHP 5.4. If you are still on a version that supports safe mode upgrade to a PHP version that is still being supported.
allow_url_fopen and allow_url_include
this applies only to including or opening files through a network process such as http:// not when trying to include files on the local file system
this can be checked with ini_get("allow_url_include") and set with ini_set("allow_url_include", "1")
Corner cases
If none of the above enabled to diagnose the problem, here are some special situations that could happen :
1. The inclusion of library relying on the include path
It can happen that you include a library, for example, the Zend framework, using a relative or absolute path. For example :
require "/usr/share/php/libzend-framework-php/Zend/Mail/Protocol/Imap.php"
But then you still get the same kind of error.
This could happen because the file that you have (successfully) included, has itself an include statement for another file, and that second include statement assumes that you have added the path of that library to the include path.
For example, the Zend framework file mentioned before could have the following include :
include "Zend/Mail/Protocol/Exception.php"
which is neither an inclusion by relative path, nor by absolute path. It is assuming that the Zend framework directory has been added to the include path.
In such a case, the only practical solution is to add the directory to your include path.
2. SELinux
If you are running Security-Enhanced Linux, then it might be the reason for the problem, by denying access to the file from the server.
To check whether SELinux is enabled on your system, run the sestatus command in a terminal. If the command does not exist, then SELinux is not on your system. If it does exist, then it should tell you whether it is enforced or not.
To check whether SELinux policies are the reason for the problem, you can try turning it off temporarily. However be CAREFUL, since this will disable protection entirely. Do not do this on your production server.
setenforce 0
If you no longer have the problem with SELinux turned off, then this is the root cause.
To solve it, you will have to configure SELinux accordingly.
The following context types will be necessary :
httpd_sys_content_t for files that you want your server to be able to read
httpd_sys_rw_content_t for files on which you want read and write access
httpd_log_t for log files
httpd_cache_t for the cache directory
For example, to assign the httpd_sys_content_t context type to your website root directory, run :
semanage fcontext -a -t httpd_sys_content_t "/path/to/root(/.*)?"
restorecon -Rv /path/to/root
If your file is in a home directory, you will also need to turn on the httpd_enable_homedirs boolean :
setsebool -P httpd_enable_homedirs 1
In any case, there could be a variety of reasons why SELinux would deny access to a file, depending on your policies. So you will need to enquire into that. Here is a tutorial specifically on configuring SELinux for a web server.
3. Symfony
If you are using Symfony, and experiencing this error when uploading to a server, then it can be that the app's cache hasn't been reset, either because app/cache has been uploaded, or that cache hasn't been cleared.
You can test and fix this by running the following console command:
cache:clear
4. Non ACSII characters inside Zip file
Apparently, this error can happen also upon calling zip->close() when some files inside the zip have non-ASCII characters in their filename, such as "é".
A potential solution is to wrap the file name in utf8_decode() before creating the target file.
Credits to Fran Cano for identifying and suggesting a solution to this issue
To add to the (really good) existing answer
Shared Hosting Software
open_basedir is one that can stump you because it can be specified in a web server configuration. While this is easily remedied if you run your own dedicated server, there are some shared hosting software packages out there (like Plesk, cPanel, etc) that will configure a configuration directive on a per-domain basis. Because the software builds the configuration file (i.e. httpd.conf) you cannot change that file directly because the hosting software will just overwrite it when it restarts.
With Plesk, they provide a place to override the provided httpd.conf called vhost.conf. Only the server admin can write this file. The configuration for Apache looks something like this
<Directory /var/www/vhosts/domain.com>
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/domain.com:/tmp:/usr/share/pear:/local/PEAR"
</IfModule>
</Directory>
Have your server admin consult the manual for the hosting and web server software they use.
File Permissions
It's important to note that executing a file through your web server is very different from a command line or cron job execution. The big difference is that your web server has its own user and permissions. For security reasons that user is pretty restricted. Apache, for instance, is often apache, www-data or httpd (depending on your server). A cron job or CLI execution has whatever permissions that the user running it has (i.e. running a PHP script as root will execute with permissions of root).
A lot of times people will solve a permissions problem by doing the following (Linux example)
chmod 777 /path/to/file
This is not a smart idea, because the file or directory is now world writable. If you own the server and are the only user then this isn't such a big deal, but if you're on a shared hosting environment you've just given everyone on your server access.
What you need to do is determine the user(s) that need access and give only those them access. Once you know which users need access you'll want to make sure that
That user owns the file and possibly the parent directory (especially the parent directory if you want to write files). In most shared hosting environments this won't be an issue, because your user should own all the files underneath your root. A Linux example is shown below
chown apache:apache /path/to/file
The user, and only that user, has access. In Linux, a good practice would be chmod 600 (only owner can read and write) or chmod 644 (owner can write but everyone can read)
You can read a more extended discussion of Linux/Unix permissions and users here
Look at the exact error
My code worked fine on all machines but only on this one started giving problem (which used to work find I guess). Used echo "document_root" path to debug and also looked closely at the error, found this
Warning:
include(D:/MyProjects/testproject//functions/connections.php):
failed to open stream:
You can easily see where the problems are. The problems are // before functions
$document_root = $_SERVER['DOCUMENT_ROOT'];
echo "root: $document_root";
include($document_root.'/functions/connections.php');
So simply remove the lading / from include and it should work fine. What is interesting is this behaviors is different on different versions. I run the same code on Laptop, Macbook Pro and this PC, all worked fine untill. Hope this helps someone.
Copy past the file location in the browser to make sure file exists. Sometimes files get deleted unexpectedly (happened with me) and it was also the issue in my case.
Samba Shares
If you have a Linux test server and you work from a Windows Client, the Samba share interferes with the chmod command. So, even if you use:
chmod -R 777 myfolder
on the Linux side it is fully possible that the Unix Group\www-data still doesn't have write access. One working solution if your share is set up that Windows admins are mapped to root: From Windows, open the Permissions, disable Inheritance for your folder with copy, and then grant full access for www-data.
Add script with query parameters
That was my case. It actually links to question #4485874, but I'm going to explain it here shortly.
When you try to require path/to/script.php?parameter=value, PHP looks for file named script.php?parameter=value, because UNIX allows you to have paths like this.
If you are really need to pass some data to included script, just declare it as $variable=... or $GLOBALS[]=... or other way you like.
Aside from the other excellent answers, one thing I overlooked on Windows while writing a simple script: This error will be shown when trying to open a file with characters that Windows does not support in file names.
For example:
$file = fopen(date('Y-m-d_H:i:s'), 'w+');
Will give:
fopen(2022-06-01_22:53:03): Failed to open stream: No such file or directory in ...
Windows does not like : in file names, as well as a number of other characters.
The following PHP settings in php.ini if set to non-existent directory can also raise
PHP Warning: Unknown: failed to open stream: Permission denied in
Unknown on line 0
sys_temp_dir
upload_tmp_dir
session.save_path
PHP - Failed to open stream : No such file or directory in mac
For example I will upload a picture. But I am getting this error. First thing i will do right click on the image and get info.
$thePathOfMyPicture = "/Users/misstugba/Desktop/";
use with function
if(move_uploaded_file($_FILES["file"]["tmp_name"],$thePathOfMyPicture.$_FILES["file"]["name"])){
echo "image uploaded successfully";
}
For me I got this error because I was trying to read a file which required HTTP auth, with a username and password. Hope that helps others. Might be another corner case.
Edit
You can check if this type of authentication is present by inspecting the headers:
$file_headers = get_headers($url);
if (!$file_headers) echo 'File headers missing';
else if (strpos($file_headers[0], '401 Unauthorized') > -1) echo '401 Unauthorized';
In PHP, start Apache then write you DB name and password if exist in your environment(.env).
In PHP scripts, whether calling include(), require(), fopen(), or their derivatives such as include_once, require_once, or even, move_uploaded_file(), one often runs into an error or warning:
Failed to open stream : No such file or directory.
What is a good process to quickly find the root cause of the problem?
There are many reasons why one might run into this error and thus a good checklist of what to check first helps considerably.
Let's consider that we are troubleshooting the following line:
require "/path/to/file"
Checklist
1. Check the file path for typos
either check manually (by visually checking the path)
or move whatever is called by require* or include* to its own variable, echo it, copy it, and try accessing it from a terminal:
$path = "/path/to/file";
echo "Path : $path";
require "$path";
Then, in a terminal:
cat <file path pasted>
2. Check that the file path is correct regarding relative vs absolute path considerations
if it is starting by a forward slash "/" then it is not referring to the root of your website's folder (the document root), but to the root of your server.
for example, your website's directory might be /users/tony/htdocs
if it is not starting by a forward slash then it is either relying on the include path (see below) or the path is relative. If it is relative, then PHP will calculate relatively to the path of the current working directory.
thus, not relative to the path of your web site's root, or to the file where you are typing
for that reason, always use absolute file paths
Best practices :
In order to make your script robust in case you move things around, while still generating an absolute path at runtime, you have 2 options :
use require __DIR__ . "/relative/path/from/current/file". The __DIR__ magic constant returns the directory of the current file.
define a SITE_ROOT constant yourself :
at the root of your web site's directory, create a file, e.g. config.php
in config.php, write
define('SITE_ROOT', __DIR__);
in every file where you want to reference the site root folder, include config.php, and then use the SITE_ROOT constant wherever you like :
require_once __DIR__."/../config.php";
...
require_once SITE_ROOT."/other/file.php";
These 2 practices also make your application more portable because it does not rely on ini settings like the include path.
3. Check your include path
Another way to include files, neither relatively nor purely absolutely, is to rely on the include path. This is often the case for libraries or frameworks such as the Zend framework.
Such an inclusion will look like this :
include "Zend/Mail/Protocol/Imap.php"
In that case, you will want to make sure that the folder where "Zend" is, is part of the include path.
You can check the include path with :
echo get_include_path();
You can add a folder to it with :
set_include_path(get_include_path().":"."/path/to/new/folder");
4. Check that your server has access to that file
It might be that all together, the user running the server process (Apache or PHP) simply doesn't have permission to read from or write to that file.
To check under what user the server is running you can use posix_getpwuid :
$user = posix_getpwuid(posix_geteuid());
var_dump($user);
To find out the permissions on the file, type the following command in the terminal:
ls -l <path/to/file>
and look at permission symbolic notation
5. Check PHP settings
If none of the above worked, then the issue is probably that some PHP settings forbid it to access that file.
Three settings could be relevant :
open_basedir
If this is set PHP won't be able to access any file outside of the specified directory (not even through a symbolic link).
However, the default behavior is for it not to be set in which case there is no restriction
This can be checked by either calling phpinfo() or by using ini_get("open_basedir")
You can change the setting either by editing your php.ini file or your httpd.conf file
safe mode
if this is turned on restrictions might apply. However, this has been removed in PHP 5.4. If you are still on a version that supports safe mode upgrade to a PHP version that is still being supported.
allow_url_fopen and allow_url_include
this applies only to including or opening files through a network process such as http:// not when trying to include files on the local file system
this can be checked with ini_get("allow_url_include") and set with ini_set("allow_url_include", "1")
Corner cases
If none of the above enabled to diagnose the problem, here are some special situations that could happen :
1. The inclusion of library relying on the include path
It can happen that you include a library, for example, the Zend framework, using a relative or absolute path. For example :
require "/usr/share/php/libzend-framework-php/Zend/Mail/Protocol/Imap.php"
But then you still get the same kind of error.
This could happen because the file that you have (successfully) included, has itself an include statement for another file, and that second include statement assumes that you have added the path of that library to the include path.
For example, the Zend framework file mentioned before could have the following include :
include "Zend/Mail/Protocol/Exception.php"
which is neither an inclusion by relative path, nor by absolute path. It is assuming that the Zend framework directory has been added to the include path.
In such a case, the only practical solution is to add the directory to your include path.
2. SELinux
If you are running Security-Enhanced Linux, then it might be the reason for the problem, by denying access to the file from the server.
To check whether SELinux is enabled on your system, run the sestatus command in a terminal. If the command does not exist, then SELinux is not on your system. If it does exist, then it should tell you whether it is enforced or not.
To check whether SELinux policies are the reason for the problem, you can try turning it off temporarily. However be CAREFUL, since this will disable protection entirely. Do not do this on your production server.
setenforce 0
If you no longer have the problem with SELinux turned off, then this is the root cause.
To solve it, you will have to configure SELinux accordingly.
The following context types will be necessary :
httpd_sys_content_t for files that you want your server to be able to read
httpd_sys_rw_content_t for files on which you want read and write access
httpd_log_t for log files
httpd_cache_t for the cache directory
For example, to assign the httpd_sys_content_t context type to your website root directory, run :
semanage fcontext -a -t httpd_sys_content_t "/path/to/root(/.*)?"
restorecon -Rv /path/to/root
If your file is in a home directory, you will also need to turn on the httpd_enable_homedirs boolean :
setsebool -P httpd_enable_homedirs 1
In any case, there could be a variety of reasons why SELinux would deny access to a file, depending on your policies. So you will need to enquire into that. Here is a tutorial specifically on configuring SELinux for a web server.
3. Symfony
If you are using Symfony, and experiencing this error when uploading to a server, then it can be that the app's cache hasn't been reset, either because app/cache has been uploaded, or that cache hasn't been cleared.
You can test and fix this by running the following console command:
cache:clear
4. Non ACSII characters inside Zip file
Apparently, this error can happen also upon calling zip->close() when some files inside the zip have non-ASCII characters in their filename, such as "é".
A potential solution is to wrap the file name in utf8_decode() before creating the target file.
Credits to Fran Cano for identifying and suggesting a solution to this issue
To add to the (really good) existing answer
Shared Hosting Software
open_basedir is one that can stump you because it can be specified in a web server configuration. While this is easily remedied if you run your own dedicated server, there are some shared hosting software packages out there (like Plesk, cPanel, etc) that will configure a configuration directive on a per-domain basis. Because the software builds the configuration file (i.e. httpd.conf) you cannot change that file directly because the hosting software will just overwrite it when it restarts.
With Plesk, they provide a place to override the provided httpd.conf called vhost.conf. Only the server admin can write this file. The configuration for Apache looks something like this
<Directory /var/www/vhosts/domain.com>
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts/domain.com:/tmp:/usr/share/pear:/local/PEAR"
</IfModule>
</Directory>
Have your server admin consult the manual for the hosting and web server software they use.
File Permissions
It's important to note that executing a file through your web server is very different from a command line or cron job execution. The big difference is that your web server has its own user and permissions. For security reasons that user is pretty restricted. Apache, for instance, is often apache, www-data or httpd (depending on your server). A cron job or CLI execution has whatever permissions that the user running it has (i.e. running a PHP script as root will execute with permissions of root).
A lot of times people will solve a permissions problem by doing the following (Linux example)
chmod 777 /path/to/file
This is not a smart idea, because the file or directory is now world writable. If you own the server and are the only user then this isn't such a big deal, but if you're on a shared hosting environment you've just given everyone on your server access.
What you need to do is determine the user(s) that need access and give only those them access. Once you know which users need access you'll want to make sure that
That user owns the file and possibly the parent directory (especially the parent directory if you want to write files). In most shared hosting environments this won't be an issue, because your user should own all the files underneath your root. A Linux example is shown below
chown apache:apache /path/to/file
The user, and only that user, has access. In Linux, a good practice would be chmod 600 (only owner can read and write) or chmod 644 (owner can write but everyone can read)
You can read a more extended discussion of Linux/Unix permissions and users here
Look at the exact error
My code worked fine on all machines but only on this one started giving problem (which used to work find I guess). Used echo "document_root" path to debug and also looked closely at the error, found this
Warning:
include(D:/MyProjects/testproject//functions/connections.php):
failed to open stream:
You can easily see where the problems are. The problems are // before functions
$document_root = $_SERVER['DOCUMENT_ROOT'];
echo "root: $document_root";
include($document_root.'/functions/connections.php');
So simply remove the lading / from include and it should work fine. What is interesting is this behaviors is different on different versions. I run the same code on Laptop, Macbook Pro and this PC, all worked fine untill. Hope this helps someone.
Copy past the file location in the browser to make sure file exists. Sometimes files get deleted unexpectedly (happened with me) and it was also the issue in my case.
Samba Shares
If you have a Linux test server and you work from a Windows Client, the Samba share interferes with the chmod command. So, even if you use:
chmod -R 777 myfolder
on the Linux side it is fully possible that the Unix Group\www-data still doesn't have write access. One working solution if your share is set up that Windows admins are mapped to root: From Windows, open the Permissions, disable Inheritance for your folder with copy, and then grant full access for www-data.
Add script with query parameters
That was my case. It actually links to question #4485874, but I'm going to explain it here shortly.
When you try to require path/to/script.php?parameter=value, PHP looks for file named script.php?parameter=value, because UNIX allows you to have paths like this.
If you are really need to pass some data to included script, just declare it as $variable=... or $GLOBALS[]=... or other way you like.
Aside from the other excellent answers, one thing I overlooked on Windows while writing a simple script: This error will be shown when trying to open a file with characters that Windows does not support in file names.
For example:
$file = fopen(date('Y-m-d_H:i:s'), 'w+');
Will give:
fopen(2022-06-01_22:53:03): Failed to open stream: No such file or directory in ...
Windows does not like : in file names, as well as a number of other characters.
The following PHP settings in php.ini if set to non-existent directory can also raise
PHP Warning: Unknown: failed to open stream: Permission denied in
Unknown on line 0
sys_temp_dir
upload_tmp_dir
session.save_path
PHP - Failed to open stream : No such file or directory in mac
For example I will upload a picture. But I am getting this error. First thing i will do right click on the image and get info.
$thePathOfMyPicture = "/Users/misstugba/Desktop/";
use with function
if(move_uploaded_file($_FILES["file"]["tmp_name"],$thePathOfMyPicture.$_FILES["file"]["name"])){
echo "image uploaded successfully";
}
For me I got this error because I was trying to read a file which required HTTP auth, with a username and password. Hope that helps others. Might be another corner case.
Edit
You can check if this type of authentication is present by inspecting the headers:
$file_headers = get_headers($url);
if (!$file_headers) echo 'File headers missing';
else if (strpos($file_headers[0], '401 Unauthorized') > -1) echo '401 Unauthorized';
In PHP, start Apache then write you DB name and password if exist in your environment(.env).
I have a VPS using FastCGI (WHM/cPanel). As I understand it, open_basedir must be set using a php.ini file in each user's /home/ directory (E.g.: setting it globally in apache config file will not work).
I want to use open_basedir for improved security, as I recently had a hack that involved traversing through different user's directories
I have added this value to a home directory's php.ini file:
open_basedir = /home/USERNAME/public_html:/usr/lib/php:/usr/local/lib/php:/tmp
What I want to know is, is there a way to test that this is functioning properly? Presumably I would want to try and execute a .php file in another user's directory from within that first user...however I don't know of a good way to test this. Any suggestions would be greatly appreciated.
Try listing the contents of a different user's public_html folder:
<?php
print_r(shell_exec('ls /home/$anotheruser/public_html/'));
?>
If open_basedir is configured properly, you will see a directory listing for that folder.
I'm replacing an older version of mediawiki and installing mediawiki 1.16.5, but I was presented with the following warning:
"Warning: Your session.save_path value (C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp) appears to be invalid or is not writable. PHP needs to be able to save data to this location for correct session operation."
I continued with the installation anyway and it caused various problems; mediawiki is very slow, and when I edit a page and save, an error telling me the same as above is displayed at the bottom of the page.
I've checked the path and the 'temp' folder is read-only. If I un-check the read-only option and apply it, it returns to read-only. I'm not quite sure what to do, since the older version of mediawiki worked fine before with the folder settings this way.
I'm having a total brain-fart today, does anyone know how I can fix this?
I cannot help you with folder privileges under Windows.
But you can simply find your appropriate php.ini (check output of phpinfo() if in doubt), find some folder which is world writable (or at least writable for the webserver) and add/replace
session.save_path=C:/path/to/folder
there. You will have to restart the webserver for this to take affect.
When using mod_php with apache you can also put the line
php_value session.save_path=C:/path/to/folder
into a .htaccess or into your (v)host definition in the httpd.conf. Not sure for other webserver/sapi.
What I want do to is to include 'file1.php' from 'domain1' into 'file2.php' on 'domain2'. So what I figured I should do is something like this:
file2.php
require_once '/var/www/vhosts/domain1/httpdocs/file1.php';
But this won't work for reasons I can't truly grasp. So what I did was to add my path to the include path. Something like:
file2.php
set_include_path(get_include_path() . PATH_SEPARATOR . "/var/www/vhosts/domain1/httpdocs");
require_once 'file1.php';
So can you please give me some hints as of where I'm doing wrong ?
Thanks
UPDATE - Either way I get the following error message:
Fatal error: require() [function.require]: Failed opening required '/var/www/vhosts/domain1/httpdocs/file1.php' (include_path='.:/php/includes:/usr/share/pear/') in /var/www/vhosts/domain2/httpdocs/file2.php on line 4
Also I have tried this both with safe_mode On and Off.
UPDATE2: Also I've changed the permissions to 777 on my test file and I've double-checked the paths to the include file in bash.
SOLUTION: I've managed to solve the mystery! My hosting company uses Plesk to manage domains and such. Also the error reporting level in php.ini was not E_ALL. When I set error reporting to E_ALL I got a warning saying:
Warning: require() [function.require]: open_basedir restriction in effect.
So I went in /var/www/vhosts/domain2/conf/httpd.include and edited the open_basedir path. Note that this is not a durable solution since this config file is rewritten by plesk each time the domain config is changed. What you should do is edit (or create) the 'vhost.conf' file in the same directory and then run:
/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=DOMAIN.TLD
This should reconfigure the settings for your domain but for some strange reason it won't work with open_basedir. I can modify other things like document_root but it won't change open_basedir, but that's another problem :D
SOLUTION FINAL: For those with the same problem here is the final code that worked. I just added this in /var/www/vhosts/domain2/conf/vhost.conf (you can change '/var/www/vhosts' to '/' or anything you like):
<Directory /var/www/vhosts/DOMAIN.TLD/httpdocs>
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode off
php_admin_value open_basedir "/var/www/vhosts"
</IfModule>
Options -Includes -ExecCGI
</Directory>
Thank you all guys!
You can not accomplish this if open_basedir is in effect, which prevents PHP from traversing out of the home directory.
What you can do is make sure that docroot1 and docroot2 are owned by users in the same group, set group permissions accordingly and use a symbolic link from docroot2 to docroot1 to read the other web root.
Or, re-build PHP and let it just follow typical *nix permissions like every other process :)
You can include files from anywhere you want, unless your PHP script's permissions, or the safe mode prevent it. Your first approach is perfectly fine. What errors do you get?
Re the comments, that seem to confirm that there is no access from within PHP to a file that definitely exists. As to what it could be, Suhosin having been ruled out, the only thing I can think of is PHP or Apache being some kind of a a chroot Jail:
The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited. Most importantly, there is no need for setuid-root programs, which can be used to gain root access and break out of the jail.
I have never worked with anything like this so I can't tell you how to spot it (apart from doing a glob() on /var/www/vhosts and see what comes up. But I think this would have to have been set up by an administrator. Who runs your machine?
This works on a couple of machines i manage
ini_set("include_path",".:/hsphere/local/home/user_name/other_domain.com");
require "filename.php";
I sit here wondering why You didn't jus do a symlink. Or did I mis something?
You could symlink a folder with needed includes to the path You have access to.
If the error relates to permission (and not file_not_found), whether the location is within documentRoot or Outside it, then the issue is usually selinux. Do not chmod 777 as it is risky without any real benefit; but instead just tell selinux that you are aware of this access by issuing this:
chcon -R -t httpd_sys_rw_content_t /full-path-to-target-folder/
Or let Apache own this as well by issuing the two:
chown -R apache /full-path-to-target-folder/
chcon -R -t httpd_sys_rw_content_t /full-path-to-target-folder/
Also, symbolic links as advised by others, here and other related answers elsewhere, is only necessary if you want to access the file as client. For internal code access, the links are not necessary security-wise.
Try chmod 777 on a test php file to see if that works, if it does you have permission issues.
Also do a simple phpinfo() and see if save mode is on.
what you are using is bad practice. put the dependent code into domain specific. Duplicating the same code is the right approach as it does not affect the operation of both sites.
Try creating the symlink of file1.php and included that as if it is from the local directory.
also make sure that .htaccess has the followsymlink option set to true
how about trying this in your file2.php in domain2?
require_once '../../../domain1/httpdocs/file1.php';
What happens if you try to require a different file:
// test.php
<?php
echo 'Hello World';
?>
// your file
require_once('test.php');
Does that work? If so, put test.php in the other location and try it again. Does it still work?