I have been having trouble using a file upload script on my server - came to the conclusion that this was because PHP was being run on Apache Module so reconfigured PHP to run as FastCGI.
Unfortunately now when I try to upload a file via uploadify I get the error
Warning: move_uploaded_file()[function.move-uploaded-file] open_base_dir restrictions in effect. File(/var/www/vhosts/domain.com/uploads/filename.txt) is not within the allowed path(s):(/var/www/vhosts/domain.com/httpdocs:/tmp) in .....
It then refers me to line 32 of my script which reads:
move_uploaded_file($tempFile,$targetFile);
$tempFile is as follows:
$tempFile = str_replace(" ","",$_FILES['Filedata']['tmp_name']);
I have tried altering my vhost.conf file in numerous ways bit without success - it currently stands as
<Directory /var/www/vhosts/domain.com/httpdocs>
<IfModule sapi_apache2.c>
php_admin_flag engine off
php_admin_flag safe_mode on
php_admin_value open_basedir none
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode off
php_admin_value open_basedir none
</IfModule>
</Directory>
I seem to be going round in circles - it seems that the tmp directory is not being found
If it's your server and you can actually mess around with configuration, you can turn off the open_basedir in your php.ini, reload PHP and try if it works. safe_mode should be turned off in PHP by default as this option causes only problems.
Or you can try following:
<Directory /var/www/vhosts/domain.com/httpdocs>
php_admin_value open_basedir "/var/www/vhosts/domain.com/httpdocs/:/tmp/:/var/www/vhosts/domain.com/uploads/"
</Directory>
Same can apply for the php.ini if you decide to set the config there.
Related
I've installed EasyPHP WAMP for local development only (I'm not hosting any websites).
Is there a way to set custom php settings for separate virtual hosts?
Currently and out-of-the-box, the php.ini file is loaded from: C:\Program Files (x86)\EasyPHP-DevServer-14.1VC11\binaries\php\php_runningversion\php.ini It would be nice if, say, I could drop in a custom php.ini file into the virtual host directory to override settings in the original php.ini This way, I could better emulate a production server's environment on a per-site basis.
I've seen this work with online hosting accounts. But I can't figure out how to make this work on my machine.
Using custom php.ini files is pretty straighforward for CGI/FastCGI based PHP installations but it isn't feasible when running PHP as Apache module (mod_php) because the whole server runs a single instance of the PHP interpreter.
My advice:
Set from PHP itself as many settings as you can:
ini_set('memory_limit', '16M');
date_default_timezone_set('Europe/Madrid')
...
In other words, directives that can be changed at runtime.
Set the rest of stuff from per-directory Apache setting files (aka .htaccess):
php_flag short_open_tag off
php_value post_max_size 50M
php_value upload_max_filesize 50M
i.e., settings that need to be defined before the script starts running
Please have a look at the Runtime Configuration for further details.
Sometimes, you'll actually need different settings in development and production. There're endless ways to solve that with PHP code (from creating a boolean constant from the $_SERVER['HTTP_HOST'] variable to just having a config.php file with different values) but it's trickier with .htaccess. I normally use the <IfDefine> directive:
<IfDefine DEV-BOX>
#
# Local server directives
#
SetEnv DEVELOPMENT "1"
php_flag display_startup_errors on
php_flag display_errors on
php_flag log_errors off
#php_value error_log ...
</IfDefine>
<IfDefine !DEV-BOX>
#
# Internet server directives
#
php_flag display_startup_errors off
php_flag display_errors off
php_flag log_errors on
php_value error_log "/home/foo/log/php-error.log"
</IfDefine>
... where DEV-BOX is a string I pass to the local Apache command-line:
C:\Apache24\bin\httpd.exe -D DEV-BOX
If you run Apache as service, the -D DEV-BOX bit can be added in the Windows registry, e.g.:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Apache2.4\Parameters\ConfigArgs
Related: Find out how PHP is running on server (CGI OR fastCGI OR mod_php)
Developing Multiple Domains on One Machine?
Embedding php.ini settings in the httpd-vhost.conf, typically found in your server root under conf/extra/, is a great way to solve this common problem. If you never knew you could do this, see the PHP.net Manual under How To Change Configuration Settings. This will solve the pesky include_path problem, without adding configuration code to your bootstrapping code or anything else.
Of course, to use this effectively as localhost, you would need to make copies of a <VirualHost> block and configure each accordingly. Then, comment out all virtual host blocks except the one that you want to use!
Alternatively, one could start Apache with the -f option to point the server daemon to a different httpd.conf upon starting. Each httpd.conf would require an "if module block," such as and <IfModule phpx_module> block. Be sure to remember to account for Apache logging!
httpd -f /usr/local/apache2/conf/domains/fooDomain.conf
httpd -f /usr/local/apache2/conf/domains/barDomain.conf
Virtual Host Block With php.ini statements.
<VirtualHost 127.0.0.1:80>
UseCanonicalName On
ServerName localhost:80
ServerAdmin you#localhost
CustomLog "/var/www/someDomain.com/data/logs/httpd_access_log" common
ErrorLog "/var/www/someDomain.com/data/logs/httpd_error_log"
LogLevel warn
DocumentRoot "/var/www/someDomain.com/public"
<Directory "/var/www/someDomain.com/public">
# disable directory listing
Options -Indexes +FollowSymLinks
AllowOverride FileInfo
Require all granted
</Directory>
<IfModule alias_module>
# Alias /webpath /full/filesystem/path
ScriptAlias /cgi-bin/ "/var/www/someDomain.com/scripts/cgi-bin/"
</IfModule>
<IfModule php7_module>
# Use php7_module in opening statement above if on PHP 7+
# Domain specific PHP configuration options.
# The Apache process user must own any of the following directories.
php_admin_value include_path "/var/www/someDomain.com/application/controllers:/var/www/someDomain.com/application/models:/var/www/someDomain.com/application/views"
# Errors and Logging
php_admin_flag display_startup_errors off
php_admin_flag display_errors off
php_admin_flag html_errors off
php_admin_flag log_errors on
php_admin_value error_log "/var/www/someDomain.com/data/logs/php_error_log"
# File Related
php_admin_flag file_uploads on
php_admin_value upload_tmp_dir "/var/www/someDomain.com/data/uploads"
php_admin_value upload_max_filesize 10M
php_admin_value max_file_uploads 5
# Sessions
php_value session.save_handler "files"
php_value session.save_path "/var/www/someDomain.com/data/sessions"
# Caching
php_value soap.wsdl_cache_dir "/var/www/someDomain.com/data/cache/sopa.wsdl"
</IfModule>
</VirtualHost>
If you could use the %{SERVER_NAME} variable in conjunction with the <IfModule phpx_module> blocks to form a compound conditional, you could have just one httpd.conf`, or include a extra/php.conf with all the domain specific PHP.ini settings (in blocks, also). However, as long as "localhost" is the domain target, it will not do what you want. Thus, my answer in the virtual host block above.
Simple way to use custom php.ini file for vhost using Fast CGI is to copy the php.ini into a folder in the host like "customini".
After that to your vhost directive and add this simple line :
FcgidInitialEnv PHPRC "/path_to_your_custom_ini_dir_for_this_vhost/"
BE SURE TO HAVE / to your path no \, (it won't work with \)
Restart Apache.
That's all!
Full sample (on Windows Server here) :
<VirtualHost *:80>
DocumentRoot "C:/APACHE/htdocs/vhost/myvhost"
ServerName www.vhost.com
FcgidInitialEnv PHPRC "C:/APACHE/customini/myvhost/"
</VirtualHost>
Several commentors have mention Vagrant which is an excellent solution.
If you're not interested in using Vagrant, you can investigate using FastCGI as your interface to Apache and using the SetEnv PHPRC... suggestion proposed on this blog:
Apache & PHP: Multiple PHP.ini Configuration Files (Sunday, February 8, 2009)
Source: http://hyponiq.blogspot.com/2009/02/apache-php-multiple-phpini.html
The second work-around is to use the PHPRC environment variable
configurable in Apache using the SetEnv directive. This directive
allows you to set an environment variable that is then passed to any
CGI script and/or Server Side Include (SSI) set in any static (x)HTML
page (or other document type). In this instance, you'd be telling each
PHP-CGI instance where to find its configuration settings. The example
would be (coinciding with the previous one):
# vhosts.conf
NameVirtualHost *:81
<VirtualHost *:81>
ServerAdmin admin#example.com
ServerName vhost.example.com
DocumentRoot "C:/path/to/doc/root"
ErrorLog "logs/vhost.example.com-errors.log"
# Set the PHPRC environment variable
SetEnv PHPRC "C:/path/to/doc/root/php.ini"
<Directory "C:/path/to/doc/root">
# ... yadda, yadda, yadda ...
# you get the point!
</Directory>
</VirtualHost>
However, the PHP documentation changing the runtime
configuration
suggests that you can use certain values like php_value to try
loaalong with, possibly the SetEnv directive.
He suggests another option not using FastCGI, instead leveraging the php_value, php_flag etc. configuration options.
Other's seem to have had some success with executing scripts through FastCGI though, see: Separate php.ini for different virtual hosts
Other suggestions involve the PHPINI directive, which may be pertinent for your needs, see: How do I limit PHP apps to their own directories and their own php.ini?
I have a small project in local. I'm working under Windows and with XAMPP. My file directory structure is:
Root directory: C:\xampp\htdocs\routes
Under this folder, I have my bootstrap.php with the configuration I want to initialize my project.
Public folder: C:\xampp\htdocs\routes\htdocs
Under this folder I have my index.php and my .htaccess.
Inside this .htaccess I have the following configuration:
php_value include_path .:/routes
php_value auto_prepend_file bootstrap.php
If I do a get_include_path() inside the index.php, it shows ".:/routes".
But the message I get on my web browsers (after typing http://localhost/routes/htdocs) all the time is:
Fatal error: Unknown: Failed opening required 'bootstrap.php' (include_path='.:/routes') in Unknown on line 0
I have tried a lot of combinations of include_path inside the .htaccess:
php_value include_path ".:/routes"
php_value include_path .:../routes
php_value include_path ".:./routes"
php_value include_path ".:routes"
...
The configuration of my httpd.conf is:
DocumentRoot "C:/xampp/htdocs"
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory /routes>
AllowOverride all
</Directory>
If I hard code the info in bootstrap inside the index.php, it works (at least this tells me the requirements inside bootstrap are well configured).
I don't know what to do for my project to recognize the bootstrap.php.
What am I missing? What am I doing wrong?
Thank you in advance for your help
First, the <Directory> block has no effect for include. Since this is not an Apache query, but rather a preprocessing order.
Second, use absolute paths in your include_path, to make it independent from where your files are sitting.
Third, make sure the path to bootstrap.php is openable by the user your webserver runs as, and that the file itself is readable.
if you are using Windows it should be ;
php_value include_path ".;./routes"
I have an Apache 2 web server that allows access to the public_html directory for each user via mod_userdir, like this:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
# [*] configuration here
</Directory>
</IfModule>
I would like to additionally configure PHP's open_basedir directive to forbid file access outside the user's homedir. For user jim, the directive would be
php_admin_value open_basedir "/home/jim/"
Question: Does Apache offer a way to do this through a variable at the spot marked [*] above, something like the following?
<Directory /home/*/public_html>
php_admin_value open_basedir "${APACHE_CURRENT_DIRECTORY}"
</Directory>
I don't know much about mod_php, but this should work. I assume that your APACHE_CURRENT_DIRECTORY variable is supposed to point to the current directory context, so just placing a "." will take care of it (unless mod php doesn't behave). Let me know how it goes.
<Directory /home/*/public_html>
php_admin_value open_basedir "."
</Directory>
I was able to install PHPMyAdmin through the command line on my new Ubuntu server. But now when I try to access it I get "You don't have permission to access /phpmyadmin/index.php on this server.".
I believe it has to do with these lines in the .conf file for it since they refer to mod_php and I am using php-fastcgi instead of mod-php (for memory usage purposes).
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
</IfModule>
I have tried commenting out the tags, but the php settings don't work outside of it so there must be a way to do this with PHP FastCGI. Does anyone know how to do this?
I am new to using PHP FastCGI.
Turns out I just had to add to the option "ExecCGI" to the apache.conf file for PHPMyAdmin. I had to put this under (within) the directory tag.
You need to check the file ownership if it is for web user, on phpmyadmin directory
XAMPP makes configuring a local LAMP stack for windows a breeze. So it's quite disappointing that enabling .htaccess files is such a nightmare.
My problem:
I've got a PHP application that requires apache/php to search for an /includes/ directory contained within the application. To do this, .htaccess files must be allowed in Apache and the .htaccess file must specify exactly where the includes directory is.
Problem is, I can't get my Apache config to view these .htaccess files. I had major hassles installing this app at uni and getting the admins there to help with the setup. This shouldn't be so hard but for some reason I just can't get Apache to play nice.
This is my setup:
c:\xampp
c:\xampp\htdocs
c:\xampp\apache\conf\httpd.conf - where I've made the changes listed below
c:\xampp\apache\bin\php.ini - where changes to this file affect the PHP installation
It is interesting to note that c:\xampp\php\php.ini changes mean nothing - this is NOT the ini that affects the PHP installation.
The following lines are additions I've made to the httpd.conf file
#AccessFileName .htaccess
AccessFileName htaccess.txt
#
# The following lines prevent .htaccess and .htpasswd
# files from being viewed by Web clients.
#
#<Files ~ "^\.ht">
<Files ~ "^htaccess\.">
Order allow,deny
Deny from all
</Files>
<Directory "c:/xampp/htdocs">
#
# AllowOverride controls what directives may be placed in
# .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
The following is the entire .htaccess file contained in:
c:\xampp\htdocs\application\htaccess.txt
<Files ~ "\.inc$">
Order deny,allow
Deny from all
</Files>
php_value default_charset "UTF-8"
php_value include_path ".;c:\xampp\htdocs\application\includes"
php_value register_globals 0
php_value magic_quotes_gpc 0
php_value magic_quotes_runtime 0
php_value magic_quotes_sybase 0
php_value session.use_cookies 1
php_value session.use_only_cookies 0
php_value session.use_trans_sid 1
php_value session.gc_maxlifetime 3600
php_value arg_separator.output "&"
php_value url_rewriter.tags "a=href,area=href,frame=src,input=src,fieldset="
The includes directory exists at the location specified.
When I try to access the application I receive the following error:
Warning: require(include.general.inc) [function.require]: failed to open stream: No such file or directory in C:\xampp\htdocs\application\menu\logon.php on line 21
Fatal error: require() [function.require]: Failed opening required include.general.inc (include_path='.;C:\xampp\php\pear\random') in C:\xampp\htdocs\application\menu\logon.php on line 21
The include path c..\random\ is specified in the php.ini file listed above. The XAMPP install fails to allow another include path as specified in the htaccess.txt file.
I'm guessing there's probably an error with the httpd.conf OR the htaccess.txt file.. but it doesn't seem to be reading the .htaccess file. I've tried to be as thorough as possible so forgive the verbosity of the post.
Now I know a workaround could be to simply add the include_path to the PHP file, but I'm not going to have access to the php.ini file on the location I plan to deploy my app. I will, however, be able to request the server admin allows .htaccess files.
renamed htacces.txt to .htaccess and ammended the appropriate directives in the httpd.conf file and all seems to work. The application suggested the naming of htaccess.txt and the ammended directives in the httpd. These are obviously wrong (at least for a XAMPP stack).
By the way, using ini_set() is a much friendlier way if the app needs to be deployed to multiple locations so thanks especially for that pointer.
Why do you need to rename .htaccess to htaccess.txt
Try setting the include_path using set_include_path() and see if that helps (as an intermediate fix)
Verify which php.ini to use through a phpinfo()
You can alter the include_path on each request using ini_set(). This would avoid having to use htaccess at all.
My htaccess works under XAMPP fine - though some modules are disabled by default - are you sure that the modules you want are enabled?
I think the searchprase you are looking for is:
AllowOverride All
My guess is that within xampp you need to enable AllowOverride (through an .htaccess) in httpd.conf. It's a simple security measure that prevents newbies from installing a hackable platform :P
You need to enable AllowOverride All in main http.conf file. Look inside XAMPP_DIR/apache/conf/http.conf)
Simply Do this:
open file ...\xampp\apache\conf\httpd.conf
find line "LoadModule rewrite_module modules/mod_rewrite.so"
if here is a # before this line remove it.(remove comment)
its working