ansaurus

Question

How to include file outside document root?

Answer 1

+2 A:

You can include files from anywhere you want, unless your PHP script's permissions, or the safe mode prevent it. Your first approach is perfectly fine. What errors do you get?

Re the comments, that seem to confirm that there is no access from within PHP to a file that definitely exists. As to what it could be, Suhosin having been ruled out, the only thing I can think of is PHP or Apache being some kind of a a chroot Jail:

The main benefit of a chroot jail is that the jail will limit the portion of the file system the daemon can see to the root directory of the jail. Additionally, since the jail only needs to support Apache, the programs available in the jail can be extremely limited. Most importantly, there is no need for setuid-root programs, which can be used to gain root access and break out of the jail.

I have never worked with anything like this so I can't tell you how to spot it (apart from doing a glob() on /var/www/vhosts and see what comes up. But I think this would have to have been set up by an administrator. Who runs your machine?

Pekka 2010-03-03 09:39:33

We do (mostly I do) but the hosting company does have some odd security measures ( for example I cannot install PHP extensions directly from PEAR). Thanks for the tip I'll check with them on the jail thing.

Brayn 2010-03-09 07:32:36

Answer 2

A:

coder 2010-03-08 10:20:38

I don't agree. It's perfectly ok to use some central code library. People do it all the time with PEAR. However it ís bad practice that he puts multiple domain code in one domain. He should just make a folder outside vhosts for it.

douwe 2010-03-08 10:23:48

PEAR is a library which will be part of the include path by default. They are included by the hosting provider. the best approach is always have your dependency locally instead of globally across domains. central code library is useful only within the domain.

coder 2010-03-08 10:29:41

@coder This is what I want to do. In fact there is one domain and one location outside vhosts but that is how I initially posted the question and for the sake of clarity I haven't modified the paths. Thanks.

Brayn 2010-03-08 11:27:12

did you try creating the symlink and use it?

coder 2010-03-08 11:43:32

@coder I haven't tried that yet but it just might work. I'll get to it now.

Brayn 2010-03-08 12:15:52

@coder I have tried creating a symlink pointing to my include file but it still gives me the "Failed opening required" error. Also I have modified my .htaccess adding "Options +FollowSymlinks" and the restarted the apache daemon. I have chowned both the symlink and the file to the apache user and chmodded them to 777 just to be sure. I really don't know what's wrong with my includes :(

Brayn 2010-03-08 13:51:20

I think "../../../[...]" is one too many. But I have tried with both "../../../[...]" and "../../[...]" and I still get the same error. If I do "../../[...]" in bash it works just fine...

Brayn 2010-03-08 17:41:54

Answer 3

A:

Try chmod 777 on a test php file to see if that works, if it does you have permission issues. Also do a simple phpinfo() and see if save mode is on.

douwe 2010-03-08 10:21:55

I have tried that. See the direct comments for the question for other tests I did. Thanks.

Brayn 2010-03-08 11:25:28

Answer 4

A:

What happens if you try to require a different file:

// test.php
<?php
   echo 'Hello World';
?>

// your file
require_once('test.php');

Does that work? If so, put test.php in the other location and try it again. Does it still work?

cdburgess 2010-03-08 19:12:57

I have tried with several files. If the included file is on the same domain ( in the same webroot) it works fine. If I move the file to any other location outside that it won't work.

Brayn 2010-03-09 07:31:01

Answer 5

+3 A:

You can not accomplish this if open_basedir is in effect, which prevents PHP from transversing out of the home directory.

What you can do is make sure that docroot1 and docroot2 are owned by users in the same group, set group permissions accordingly and use a symbolic link from docroot2 to docroot1 to read the other web root.

Or, re-build PHP and let it just follow typical *nix permissions like every other process :)

Tim Post 2010-03-09 11:57:46

Answer 6

A:

I sit here wondering why You didn't jus do a symlink. Or did I mis something? You could symlink a folder with needed includes to the path You have access to.

naugtur 2010-03-13 16:08:59

If the current user can't even *see* files outside the current domain's directory, it's likely that there is a security mechanism in place that can't be circumvented with a simple symlink. But it's still worth a try.

Pekka 2010-03-13 16:11:26

he mentioned checking all the files in bash so i expect he has access.

naugtur 2010-03-13 16:32:36

I've tried a symlink but it didn't work ( I've mention that somewhere in the comments. Also I've solved the problem and update the post a while ago. Thanks anyway!

Brayn 2010-03-15 08:02:19

Answer 7

+1 A:

This works on a couple of machines i manage

ini_set("include_path",".:/hsphere/local/home/user_name/other_domain.com");
require "filename.php";

Kristoffer S Hansen 2010-03-13 18:22:19

That should have worked also and I have tried it, I've mentioned somewhere around here that I've added the path to the include path. The problem was with the open_basedir setting in php.ini, see the post for the update with what was wrong. Thanks!

Brayn 2010-03-15 08:03:49

ansaurus

tags:

views:

answers:

How to include file outside document root?

related questions