I'm building a webpage which has a page allowing users to log in, called login.php. This page is located in the same root directory as my index.html page. When I open up index.html and go to click on the login link, I get this error message:
Fatal error: Unknown: Failed opening required '/websites/testsite.com/www/login.php' (include_path='.:/usr/share/pear') in Unknown on line 0
I have no idea why this isn't working because my index page (and every other page that I have made thus far) links to that same login.php page, which exists in the same directory. Any advise?
If it helps, I'm running Arch Linux with Apache HTTPD 2.2 and PHP 5.3.8. Thank you!
EDIT:
I forgot to mention some extra information. Since I'm working on this website with another person, we each have "local" copies of this website in our user directories. (I say local, but it's really our user directories on the same server which is hosting the public version of this website). Apache is set up to allow user directories (http://thisismytestwebsite.com/~myusername), which is how we view our "local" copies. When I go to click on the login link, the page loads up fine. Everything that we have is backed up using Git, and everything that we have is synchronized properly (we just checked).
Check if the file you're trying to open exists, and that the path is an absolute path.
It's fairly easy to generate a relative path from one file to another:
dirname(__FILE__) . "/../include.php";
Will include the file 'include.php' from one folder up from where the current file is.
__FILE__ is a magic PHP constant, use it!
Probably the apache process is blocked from reading the index.php file due to file system permissions.
Try to adjust permissions (chmod) and ownership (chown) of the file according to your working index.html
Related
I have a website that is written in four different languages (written in PHP). For every page I need to go through an index.php file. Is it allowed to have an index.php file inside every language folder?
How can I configure it in the .htaccess file? Because when I put it online I get an error saying
You don't have permission to access /de/index.php on this server.
There is also an index.php file in the root
Thanks for your help !
So this is what's happening. I don't know how to explain this.
I made a software which uploads file to my website's FTP location. It's working as it should.
As you can see in the folder that inside public_html/phphostrot.rviews.xyz/user_rot/ there are 2 php files. But when i visit the url http://phphostrot.rviews.xyz/ i get a blank page with inder of / and nothing else. And if i try to access http://phphostrot.rviews.xyz/user_rot/ I get 404 error. Even the link to the file is not working. I don't know what's the problem.
I think it's a issue with the file permissions. Have you configured your server to serve files from your public directory.
Try changing the ownership of the files to www or apache
app, img, wp-admin, wp-content, wp-includes?
check file permissions (+x), as #atefth said, check owner.
check webserver config. and check apache/nginx logs
I am developing a website for myself and I just wonder how can I prevent direct access to include files like header.php and footer.php. Those files should only be incorporated in pages like index.php or other pages wherein they will be called using <?php include(''); ?>. Should I do it through PHP? How about editing the .htaccess file or are there any other methods?
place the files(s) in a directory out side the web root.
the web server will never serve theses files to users.
php et.al. can still access the files via include\require etc
This has been the gold standard approach for several decades.
I offered 3 suggestions and since you didn't provide much to go one, I will give you one elaboration.
As #Dragon eludes to, when you use include() your reading via the file system and not via a HTTP Request. You can check for an HTTP verb ($_REQUEST, $_GET, $_POST) and refuse to show content or fake a 401.
<?php
if(isset($_REQUEST) || isset($_GET) || isset($_POST)){
header("HTTP/1.0 404 Not Found");
die();
}
// Do the needed
?>
I will let you figure out the gotcha on your own here.
It would be perfect if your server is linux, because then what you can do is follow Dagon's suggestion of placing the files to include outside of the web root.
The web root of course is the base folder that contains files the outside world is meant to access. On many systems, this is the public_html folder.
On a system with WHM/cpanel installed, you might have a special user account where the root of that account (where anything can be stored) is located at /home/user on the entire system. This can be viewed by using the file manager utility included with cpanel when logged in. In that /home/user folder, you may find configuration files and folders starting with a period as well as public_ftp and public_html folders.
In the /home/user folder, you can place the PHP files you don't want the world to directly access. Then In public_html, (accessible within /home/user) you can place the index.php file that has the include statement to the "protected" files. That way in index.php you can use this statement:
include "../file-to-include.php";
Just make sure that the administrator has set the owner of the /home/user folder to the same username you login with or you may get access denied messages when trying to access the file. On a decent cpanel setup, the last step would have already been done for you.
I have different folders in the site I am making.
What if the user tries to enter that folder, How would I not let them see what's inside?
Or can I redirect them into another page saying that they don't have the permission to access the folder/ invalid url?
I read something about htaccess but I dunno how that one works.
I am currently doing some trick (like adding index.php in the folders with a message saying they don't have permission to access) to every folder.
But it's kind of a pain. And I believe there's an easier method.
It depends on the contents of the folders:
If it contains php or configuration files that are never to be opened directly (or anything else that never needs to be requested directly by the browser), you should not put them in the web-root;
If it contains assets that are included in html but you do not want the visitor to browse the directory, you should configure your web-server so that directory browsing is disabled;
If only certain logged-in users should be able to open certain files, you should handle that in the file itself, not on the directory level.
If you cannot move your directory out of the web-root but nothing in it needs to be accessible by the browser, you can put an .htaccess file in that directory with just the following contents:
deny from all
This is something you should accomplish on a server level.
Basically restraining access to these folders on UNIX (chmod -r) for example will take care of this for you.
I have a website hosted by FatCow.
I am trying to install the Securimage PHP CAPTCHA on my site by mimicking their quickstart guide, but it failed to work off the bat, so I ran their PHP Test Script on my site to determine the problem.
It threw this error:
The following error occurred when attempting to call session_start():
session_start() [function.session-start]: open(/temp/sess_5e72461407b4ac6283d9897cc49dc4e3, O_RDWR) failed: No such file or directory (2)
Now, I had an issue before surrounding sessions, so I made a temp folder through my FTP client on my domain's home ('/') folder, and set its file permissions to 777. Then I had proceeded to put a php.ini file also in my domain's home folder with the following declarations:
session.save_path = "/temp"
session.cookie_path = "/temp"
What is the issue? Why can't it create these sessions?
If the system doesn't contain a temp/tmp directory, this appears to be a hosting configuration issue, so you'd have to take that up with your provider.
Your solution to create your own temp directory may work, but your path wouldn't be correct. "/" is only the root as perceived by your FTP session because FTP sessions are typically chroot'd. Your home's root directory as perceived by the web server is going to be your home directory, which may be something like /home/my-domain. You can use the PHP getcwd() function to find out exactly what it is.