I was having problems with my PHP website (SuiteCRM) not being able to log users in and I found it was due to not being able to write on the sessions directory.
I am able to fix it by creating the directory /tmp/php_sessions and giving it write permissions for the Apache user www-data. I see the directory get populated with files as users log in.
However, Ubuntu Xenial is deleting my entire tmp directory on reboots, so I have to redo this all over again every time. I decided to move my save_path elsewhere.
After changing things in my php.ini file, and restarting Apache, I can check that they are effective by running this simple script:
<?php
echo ini_get("session.save_path");
phpinfo();
?>
This shows me a double confirmation of the new path, first echoing /var/tmp/php_sessions and then, in the middle of all the phpinfo information, showing the same value as both Local Value and Master value for directive session.save_path.
BUT the directory that php is using is still the first one, /tmp/php_sessions! It seems that my setting is being ignored.
Am I overlooking something? Where could that old setting be buried? Or how can I make the new one effective?
(P.S. - I am not using a redis handler as in another similar SO question)
Ok, I solved my own problem and the general answer is as follows:
There are two more things that can be changing the path and need to be checked,
the PHP code of the application might be changing the ini directive, search the code for ini_set(session.save_path
the PHP code might be using the session_save_path PHP command to override the ini. Search the code for that also (and notice the two underscores _!)
And the specific answer for my case was that SuiteCRM uses session_save_path command to set its path with a value coming from the file config.php found at the web root. That's where I found the old setting, and changing it solved my problem (for good, I hope).
Related
I have just setup the LAMP server on Debian. The initial tests were fine. After that, I've decided to change the home directory from "/var/www/" to something like "/home/user/public_html/". I did this changes in "/etc/apache2/sites-available/default".
The problem I am facing now is, that the PHP does not work in the new home folder. PHP sites are now parsed as text files and I can see the full source in browser (when clicking on view page source).
What can I do, that the PHP will also work under that path (and not only under /var/www)?
Look in php.ini in your php folder. There should be entries to change to 'doc_root' as well as 'extension_dir'. Make sure these are set, then restart Apache and it should work.
I'm trying to get a file's content into a variable but I don't get anything when I read the file. I used both methods JFile::read() and file_get_contents() but both return the same thing: a blank string, not an error , not any boolean values or anything.
I want to mention that I'm working on a Linux machine (just for 2 days) and recently I changed the permissions for the entire machine to 777 ( I don't know if this affects something or not).
Is the a connection between my OS, permissions and the php's file_get_contents()? or Joomla restricts file reading?
Also I want to mention that my file_get_contents() function was added manually by me in the index.php file , also the file I want to read was manually added in the same folder with index.php.
We had the same problem with one of our clients, it turned out it was a firewall issue. It was very hard to debug this issue. I suggest you check with your networking team.
I am assuming, of course, that you have set the PHP error reporting level to the maximum and that you have checked the error logs.
It seemed the problem was from my system . I messed it up when I changed the permissions so I have to re-install it.
Never change the permissions on a Linux for the entire file system.
I am using xampp on chrome in a mac and I can't access phpMyAdmin. I used to get a error on the site, but I changed the session.save_path in the configuration file and it opened put now every time I try to press something it gives me an error saying Error: Token mismatch.
Here is the error I am getting:
Here's a link of the same image: http://ninjas.zxq.net/error
Does anybody know why this is happening?
I found the answer.
Go to your php.ini file in Applications>XAMPP>xamppfiles>etc>php.ini
around line 1507 uncomment the line
;session.save_path = "/tmp"
by removing the semicolon. This worked for me right away.
simply changing the tmp path wasn't enough for me..
verify in your browser that you accept cookies and that adblock etc.. is disabled.
although having said that if you've managed to post to this site all that is probably under control :)
I had the same issue, except none of the answers solved my problem. (Localhost with Xampp on Windows 10, using Chrome.)
After some time I figured out that you have to manually delete browser cookies etc to let it refresh/reset the token.
My problem solution was something different again.
I had a user script that was active on the page. In my case it was a TamperMonkey script, but GreaseMonkey, ViolentMonkey, etc could do the same thing.
As soon as I disabled TamperMonkey, problem solved.
First I disabled TamperMonkey completely, using the Enable/Disable checkbox on the icon, to test the theory in general. Problem went away. So then I identified the specific script that was active on the phpMyAdmin page, and I was able to just disable that one script to solve the problem.
Note that the problem script did not in any way modify the phpMyAdmin page - I reduced it to a literally empty script that was loaded onto every webpage. However, just loading itself (an empty, do-nothing script) onto the phpMyAdmin page enough to cause the problem.
Find your php.ini (php -i|grep php.ini) if nginx edit /etc/php5/fpm/php.ini if fpm used.
Uncomment ;session.save_path ="/tmp"
Restart apache or if you use nginx - /etc/init.d/php5-fpm restart
Check /tmp directory to make sure sessions are getting saved there. if you see something like "sess_h820h8ja6pl4bhdmqflngeui23" then your are done.
Okay, I've tried everything, this is by far the best place it seems, I want to make Document Root here httpdocs/[folder]/html and I have php include files that I want to go above the root (require '../[folder]/file.php'] but not be able to access further than /var/www/vhosts/example.com/httpdocs. I know I'm being limited by open_basedir because the value is still httpdocs/[folder]/html in phpinfo() but for the life of me I can't change that local value!
This is what I've tried so far:
I've seen this - How to include file outside document root? - and created a 'vhost.conf' that is stil sitting in the conf directory, reconfigured the file, restarted apache...nothing. It's a good post but it seems a little out of date.
I edited php.ini itself to open_basedir = '/var/www/vhosts/example.com/httpdocs, uploaded it back up to where it was, reconfigured, restarted - nothing
I pulled out 'httpd.conf' edited it by adding the same lines from the other conf file,(vhost.conf), put it back in - nothing, I then tried to do what godaddy says here - http://help.godaddy.com/article/1616 and added the line php_admin_value open_basedir none' to 'httpd.conf - with no luck either.
It is now 0435 and I can barely keep my eyes open - this site is suppose to launch tomorrow at 2000! Thanks in advance to anyone who is willing/able to read and/or help.
Update: Thanks for a quick response, here are the best answers I can give you:
Does it give you an error?
Yes, I get a server error and through my server error log, specifically:
PHP Warning: require() [function.require]: open_basedir restriction in effect. File(/var/www/vhosts/[example.com]/httpdocs/[folder]/[folder where secure php files exist]/[file.php]) is not within the allowed path(s):
So I'm 99.99% sure its because of the open_basedir restriction.
Are you sure that your webserver is set as the owner of vhosts/ ?
I'm pretty sure, I'm kinda new to controlling servers and I don't really know what that means exactly but I have a virtual dedicated server through Godaddy, running Parallels Plesk v10.3.1, I did the above file moving going through Shell SSH.
In Plesk, I can change the 'Document root' to anything below /var/www/vhosts/example.com and Plesk will change the 'open_basedir' to anything I set. For example, If I set the document root to 'httpdocs' in Plesk then 'open_basedir' is changed to the same folder and everything works fine. The problem is I don't want public access to everything in /httpdocs/[folder]
My goal is I want to change 'document root' to /httpdocs/[folder]/html and 'open_basedir to /httpdocs but I can't change that local value in open_basedir for some reason. I want to do this for security purposes so people can only directly access the non important php files, but php itself I want to give more access to folders.
Are you trying to include using relative or absolute paths?
My paths in the php file that I'm trying to include/require to files above 'document root' looks exactly like this format:
require '../[folder where secure php files exist]/file.php';
If I'm understanding you correctly, I'm not using the entire path of the server.
ANSWER: (This was changed to the answer):
Apparently, in Plesk 10, Plesk's program sets whatever the 'document root' path will be, to the 'open_basedir' BUT there is no user friendly way to change 'open_basedir' in Plesk 10!!!
So instead it is a little bit of a hack, you have to first go here:
/usr/local/psa/admin/conf/templates/default/service/php.php
Then change both of these lines in the file, (line 11 and 29):
echo "php_admin_value open_basedir {$OPT['dir']}/:/tmp/\n";
to this:
echo "php_admin_value open_basedir /var/www/vhosts/[your.domain]/httpdocs/:/tmp/\n";
or to wherever you want the restriction to stop.
Then make sure your run these lines is SSH:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
/etc/init.d/httpd stop
/etc/init.d/httpd start
But I'm having a new problem now. The 'document root' is pointing to the correct folder:
/var/www/vhosts/[my.domain]/httpdocs/[folder]/html
without any error however when the server gets to a:
require '../[folder]/[file.php]';
It skips through it like its not even there! Not giving me an error msg or anything. It's also skipping all my embedded css files, js files, images, videos...its not going to any of the directories! I have a feeling it's a 'php.ini' setting or something weird that Plesk is doing.
Solved: The last issue was because I never worked with accessing files above the root. PHP is allowed to go above the root but you can't do this:
src="../img/imagefile.jpg"
in HTML.
So after restructuring all my site files my website is now up and running! Thanks to all that helped, hopefully someone won't have to do that again. Also, I saw a post where Plesk is updating this because it is a big issue. Someone who works for Parallels said, http://forum.parallels.com/showthread.php?t=113236 this will be an option in the next version, so until then it's hack time!!
I'm working with a legacy php script. There is a file upload form in it already, but I've added another one for a different section in the same script.
The $_file['file'] is there. But I keep getting a open_basedir restriction error, and if not that, I get a permission error.
I wouldn't mind working around these problems, but the thing is, the other form works fine. There are no differences in where the scripts are (same dir), nor are there any problems in where the files are going (I tried different dir, and same dir).
I'm going absolutely bat crazy trying to figure this out. Why is my file form not working? Why does it work for the other code? What is going on?
I've had similar issues which turned out to be to do with incorrect setting of the /tmp directory by the hosting provider (i.e. where PHP stores the temporary upload file). Might be worth a call to tech support.
Doesn't it have to be $_FILE['file'] instead of $_file['file']?
safe mode forces move_uploaded_file() to check whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
I would also recommend looking for ini_set() statements in the working code.
i dont know if you suffer from the same problem, but some time ago we had a problem with open_basedir and smarty. we were receiving problem from smarty code, but the problem was bad include_path (we were setting it through ini_set but without concatenating it with old include_path). in the result smarty tried to check if directory was readable creating possible path from root directory / which violated open_basedir. to sum up, check where do you get open_basedir error, what is the path that causes the problem.