error including file using /dir/file.php - root is confirmed

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Consolas
Forum Newbie
Posts: 13
Joined: Wed Apr 09, 2008 7:07 pm

error including file using /dir/file.php - root is confirmed

Post by Consolas »

Hi everyone.

I'm having the " open_basedir restriction in effect. File(/plataform/inc/db_conn.php) is not within the allowed path(s): (/var/www/vhosts/subdomain.maindomain.com/httpdocs:/tmp) in /var/www/vhosts/subdomain.maindomain.com/httpdocs/platform/inc_general/general_configuration.php on line 22" kind of error.

I have access to the server, on a root leve. Been checking out already both httpd.include and create a vhost.conf.

On the vhost.conf I have a very httpd.include similar file but on the virtualhost (with the ip of my subdomain) I have on both IfModule sapi_apache2.c and <IfModule mod_php5.c>, and after trying to just give permission to the specific directories, php_admin_value open_basedir none.

I know I'm some what creating a security issue here but still, even with this set at none, I'm getting the same error shown above.

I restart the apache after creating the vhost file but still no use.

What is strange is I am not trying to access different domains from within. Let me explain this better. I have had this kind of issue when trying to upload a file from http://www.domain1.com to http://www.domain2.com (they were set at the same server).

But here I'm just trying to use a prepend file on htaccess and on that file I have a constant with the root of the site, that should be /plataform/.

When trying to include the db_con file, using ROOT_PATH . "/inc/db_con.php" I get the error.

Any tips, you guys?

Thank you very much for your help and attention

[ EDITED ]

I've managed to change the vhost and the file is getting include. However, all the files I include using include('/dir/file.php') output the "failed to open stream: No such file or directory in" error.

I am sure the files are there as I can see them on the server. I don't know what is wrong since I've tried as well echoing the
$_SERVER['DOCUMENT_ROOT']; and the root is /var/www/vhosts/subdomain.maindomain.com/httpdocs, which is the real root of my site.

The folders and files are there, but they don't get included.

Any tips?



Ricardo
Last edited by Consolas on Tue Jan 19, 2010 9:45 am, edited 2 times in total.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Hi guys

Post by Eran »

Please change the title of your thread to something more relevant
Consolas
Forum Newbie
Posts: 13
Joined: Wed Apr 09, 2008 7:07 pm

Re: Hi guys

Post by Consolas »

You are absolutely right. My bad. Thanks for the heads up, buddy!
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: open_basedir restriction error - include file from site root

Post by AbraCadaver »

Try commenting out open_basedir in php.ini and restarting Apache.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Consolas
Forum Newbie
Posts: 13
Joined: Wed Apr 09, 2008 7:07 pm

Re: open_basedir restriction error - include file from site root

Post by Consolas »

Hello!

It is already off, just confirmed it.

I'm guessing this is some problem with the configuration? I'm just including a file using include('/dir/file.php') and I get this error.

My home base dir is well defined...(/var/...etc...../subdomain.domain.com/httpdocs) so, when I use /dir/file.php I'm saying the dir is on the root of the site.
Consolas
Forum Newbie
Posts: 13
Joined: Wed Apr 09, 2008 7:07 pm

Re: error including file using /dir/file.php - root is confirmed

Post by Consolas »

[ EDITED ]

I've managed to change the vhost and the file is getting include. However, all the files I include using include('/dir/file.php') output the "failed to open stream: No such file or directory in" error.

I am sure the files are there as I can see them on the server. I don't know what is wrong since I've tried as well echoing the
$_SERVER['DOCUMENT_ROOT']; and the root is /var/www/vhosts/subdomain.maindomain.com/httpdocs, which is the real root of my site.

The folders and files are there, but they don't get included.

Any tips?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: error including file using /dir/file.php - root is confirmed

Post by kaisellgren »

Try

Code: Select all

echo getcwd();
prior to the include().
Consolas
Forum Newbie
Posts: 13
Joined: Wed Apr 09, 2008 7:07 pm

Re: error including file using /dir/file.php - root is confirmed

Post by Consolas »

Hey buddy!

Thanks for your reply, kaisellgren.

Tried that and it output the root of the site, all good so far.

Let me just say I've managed to overcome my problem using the following steps (bear in mind that I don't really understand why I have to do the step 1/2 since I'm on the same domain, but ok):

1. Add a vhost file since this is a plesk "environment" and plesk "ruins" the httpd.include. It's better to not mess around with it, I think.
2. On the vhost add the domains you which to admit to access to the site, like I'm on the site http://www.stuff.com and I will say I have a open base dir to site http://www.domain2.com, http://www.domain3.com, etc. For the time being I've set this to none, just to get this going. Later on I will close it ans restrict it to the specific domains.
3. Restart Plesk (in order to httpd.include admits and includes the new vhost.conf file)
4. Restart Apache (so it reads the vhost.conf file)

Now, when I write on, for instance, an include ( include("/stuff") ) I'm saying stuff is on the root of the site. I usually did this without messing around with the vhost but this server might be different, I don't know.

The other thing I did then was to create two different variables, one called ROOT_REAL_PATH and the other ROOT_LAYOUT_PATH.

The ROOT_REAL_PATH has something like

Code: Select all

define('ROOT_SCRIPTS_PATH',$_SERVER['DOCUMENT_ROOT'] . "/folder_to_include/");
and the other one is

Code: Select all

define('ROOT_LAYOUT_PATH','/plataforma/');
The first one I use to include files (php files on several pages) and the last one I use on img tags, javascripts, etc.

This way I won't have the img tags with something like src="/var/www/stuff/blabla/site/img"

What do you think of this approach?

Thank you for your time, buddy!

Ricardo
Post Reply