I'm working with a legacy php script. There is a file upload form in it already, but I've added another one for a different section in the same script.
The $_file['file'] is there. But I keep getting a open_basedir restriction error, and if not that, I get a permission error.
I wouldn't mind working around these problems, but the thing is, the other form works fine. There are no differences in where the scripts are (same dir), nor are there any problems in where the files are going (I tried different dir, and same dir).
I'm going absolutely bat crazy trying to figure this out. Why is my file form not working? Why does it work for the other code? What is going on?
I've had similar issues which turned out to be to do with incorrect setting of the /tmp directory by the hosting provider (i.e. where PHP stores the temporary upload file). Might be worth a call to tech support.
Doesn't it have to be $_FILE['file'] instead of $_file['file']?
safe mode forces move_uploaded_file() to check whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
I would also recommend looking for ini_set() statements in the working code.
i dont know if you suffer from the same problem, but some time ago we had a problem with open_basedir and smarty. we were receiving problem from smarty code, but the problem was bad include_path (we were setting it through ini_set but without concatenating it with old include_path). in the result smarty tried to check if directory was readable creating possible path from root directory / which violated open_basedir. to sum up, check where do you get open_basedir error, what is the path that causes the problem.
Related
I was having problems with my PHP website (SuiteCRM) not being able to log users in and I found it was due to not being able to write on the sessions directory.
I am able to fix it by creating the directory /tmp/php_sessions and giving it write permissions for the Apache user www-data. I see the directory get populated with files as users log in.
However, Ubuntu Xenial is deleting my entire tmp directory on reboots, so I have to redo this all over again every time. I decided to move my save_path elsewhere.
After changing things in my php.ini file, and restarting Apache, I can check that they are effective by running this simple script:
<?php
echo ini_get("session.save_path");
phpinfo();
?>
This shows me a double confirmation of the new path, first echoing /var/tmp/php_sessions and then, in the middle of all the phpinfo information, showing the same value as both Local Value and Master value for directive session.save_path.
BUT the directory that php is using is still the first one, /tmp/php_sessions! It seems that my setting is being ignored.
Am I overlooking something? Where could that old setting be buried? Or how can I make the new one effective?
(P.S. - I am not using a redis handler as in another similar SO question)
Ok, I solved my own problem and the general answer is as follows:
There are two more things that can be changing the path and need to be checked,
the PHP code of the application might be changing the ini directive, search the code for ini_set(session.save_path
the PHP code might be using the session_save_path PHP command to override the ini. Search the code for that also (and notice the two underscores _!)
And the specific answer for my case was that SuiteCRM uses session_save_path command to set its path with a value coming from the file config.php found at the web root. That's where I found the old setting, and changing it solved my problem (for good, I hope).
I'm trying to get a file's content into a variable but I don't get anything when I read the file. I used both methods JFile::read() and file_get_contents() but both return the same thing: a blank string, not an error , not any boolean values or anything.
I want to mention that I'm working on a Linux machine (just for 2 days) and recently I changed the permissions for the entire machine to 777 ( I don't know if this affects something or not).
Is the a connection between my OS, permissions and the php's file_get_contents()? or Joomla restricts file reading?
Also I want to mention that my file_get_contents() function was added manually by me in the index.php file , also the file I want to read was manually added in the same folder with index.php.
We had the same problem with one of our clients, it turned out it was a firewall issue. It was very hard to debug this issue. I suggest you check with your networking team.
I am assuming, of course, that you have set the PHP error reporting level to the maximum and that you have checked the error logs.
It seemed the problem was from my system . I messed it up when I changed the permissions so I have to re-install it.
Never change the permissions on a Linux for the entire file system.
I have just checked out a project from an SVN and have tried to run the project on my local machine using WAMP and virtual hosts. I'm getting a lot of errors saying variables have not been declared and after further investigation have found that they are set in separate PHP files and then have been included into the page throwing the errors.
This works absolutely fine on live but not on my local which makes me think it must be a PHP setting. I've looked in the PHP.ini file but don't really know what I'm looking for.
There are two things I would like to know...
Firstly is there something I can adjust in my PHP.ini file to solve this and secondly, is it a good idea to have this setting(should there be one), as I have always worked with PHP variables, private to the page unless setting a $_SESSION variable.
Hope this makes sense to someone.
I should also mention I'm using windows and the server that runs the file is using Linux.
Thanks in advance
my guess is: your local and remote server have two different include paths set. you can check that by looking at the output of get_include_path()
then, check if paths are correct, you might want to check paths of these files
are they in the same directory? if no, are the paths in include relative or absolute? and how are the paths defined? these info will help you to get your answer. no php.ini setting can probably help you here.
All of a sudden, my SMF powered forum has stopped working.
In fact, PHP files no longer seem to want to open on my website. I tried uploading a blank PHP file with just a few characters of text, and it refuses to open giving the error below.
I also tried a PHPinfo file, which didnt work, giving the same error. Other sites on the same server are working.
Fatal error: Unknown: Failed opening required '/home/users/a/n/mysite/www/index1.php' (include_path='.') in Unknown on line 0
Any ideas about whats gone wrong?
Just an idea. As it happens to all php files that could to what i know only mean 2 things.
Either there is somekind of error on the php extension.
OR what it most likely is, is that SMF uses a .htaccess to make user friendly links. Which means all requests to the server no matter what (Unless specified in the .htaccess) will be sent to index.php and then be handled.
So if there is a error in the index.php or the library of some sort it would explain why no matter what php file you're looking at it gives the error.
-
One thing you could do is to take a backup of all your images in the system. Then try to install a fresh version on your local machine. Once done copy/past the images back and copy all the current php files for SMF and replace the current ones on your host with them.
-
Haven't used SMF much so I'm not sure this is the solution at all. But to me it sounds like a solution.
It seems you have broken your root document.
do chmod 755 index1.php
and it should solve the problem.
You should check the php.ini or php5.ini file. I don't believe the single ticks around '.' for the include_path are valid. Double quotes will work however.
It seems you have been hacked:
http://wordpress.org/support/topic/fatal-error-unknown-failed-opening-required-google_verifyphp
Ahh sorry reread the question. I guess this is what you may try.
Check your file permissions. by default if your web server can not read files thats what you are going to get. I could be wrong but worth having a look
so just chmod your root folder to say 755 atleast
Okay, I've tried everything, this is by far the best place it seems, I want to make Document Root here httpdocs/[folder]/html and I have php include files that I want to go above the root (require '../[folder]/file.php'] but not be able to access further than /var/www/vhosts/example.com/httpdocs. I know I'm being limited by open_basedir because the value is still httpdocs/[folder]/html in phpinfo() but for the life of me I can't change that local value!
This is what I've tried so far:
I've seen this - How to include file outside document root? - and created a 'vhost.conf' that is stil sitting in the conf directory, reconfigured the file, restarted apache...nothing. It's a good post but it seems a little out of date.
I edited php.ini itself to open_basedir = '/var/www/vhosts/example.com/httpdocs, uploaded it back up to where it was, reconfigured, restarted - nothing
I pulled out 'httpd.conf' edited it by adding the same lines from the other conf file,(vhost.conf), put it back in - nothing, I then tried to do what godaddy says here - http://help.godaddy.com/article/1616 and added the line php_admin_value open_basedir none' to 'httpd.conf - with no luck either.
It is now 0435 and I can barely keep my eyes open - this site is suppose to launch tomorrow at 2000! Thanks in advance to anyone who is willing/able to read and/or help.
Update: Thanks for a quick response, here are the best answers I can give you:
Does it give you an error?
Yes, I get a server error and through my server error log, specifically:
PHP Warning: require() [function.require]: open_basedir restriction in effect. File(/var/www/vhosts/[example.com]/httpdocs/[folder]/[folder where secure php files exist]/[file.php]) is not within the allowed path(s):
So I'm 99.99% sure its because of the open_basedir restriction.
Are you sure that your webserver is set as the owner of vhosts/ ?
I'm pretty sure, I'm kinda new to controlling servers and I don't really know what that means exactly but I have a virtual dedicated server through Godaddy, running Parallels Plesk v10.3.1, I did the above file moving going through Shell SSH.
In Plesk, I can change the 'Document root' to anything below /var/www/vhosts/example.com and Plesk will change the 'open_basedir' to anything I set. For example, If I set the document root to 'httpdocs' in Plesk then 'open_basedir' is changed to the same folder and everything works fine. The problem is I don't want public access to everything in /httpdocs/[folder]
My goal is I want to change 'document root' to /httpdocs/[folder]/html and 'open_basedir to /httpdocs but I can't change that local value in open_basedir for some reason. I want to do this for security purposes so people can only directly access the non important php files, but php itself I want to give more access to folders.
Are you trying to include using relative or absolute paths?
My paths in the php file that I'm trying to include/require to files above 'document root' looks exactly like this format:
require '../[folder where secure php files exist]/file.php';
If I'm understanding you correctly, I'm not using the entire path of the server.
ANSWER: (This was changed to the answer):
Apparently, in Plesk 10, Plesk's program sets whatever the 'document root' path will be, to the 'open_basedir' BUT there is no user friendly way to change 'open_basedir' in Plesk 10!!!
So instead it is a little bit of a hack, you have to first go here:
/usr/local/psa/admin/conf/templates/default/service/php.php
Then change both of these lines in the file, (line 11 and 29):
echo "php_admin_value open_basedir {$OPT['dir']}/:/tmp/\n";
to this:
echo "php_admin_value open_basedir /var/www/vhosts/[your.domain]/httpdocs/:/tmp/\n";
or to wherever you want the restriction to stop.
Then make sure your run these lines is SSH:
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
/etc/init.d/httpd stop
/etc/init.d/httpd start
But I'm having a new problem now. The 'document root' is pointing to the correct folder:
/var/www/vhosts/[my.domain]/httpdocs/[folder]/html
without any error however when the server gets to a:
require '../[folder]/[file.php]';
It skips through it like its not even there! Not giving me an error msg or anything. It's also skipping all my embedded css files, js files, images, videos...its not going to any of the directories! I have a feeling it's a 'php.ini' setting or something weird that Plesk is doing.
Solved: The last issue was because I never worked with accessing files above the root. PHP is allowed to go above the root but you can't do this:
src="../img/imagefile.jpg"
in HTML.
So after restructuring all my site files my website is now up and running! Thanks to all that helped, hopefully someone won't have to do that again. Also, I saw a post where Plesk is updating this because it is a big issue. Someone who works for Parallels said, http://forum.parallels.com/showthread.php?t=113236 this will be an option in the next version, so until then it's hack time!!