Boreas Posted September 2, 2014 Share Posted September 2, 2014 (edited) Hi all "im new here" Hoping someone can help me with this peculiar problem. I have a vps running Plesk (9.5.4) + PHP 5.3 For the domain I am working on, I have specified additional directories to the PHP include_path via vhost conf file. One of those directories is outside of webroot, so is same level as httpdocs. eg: :/var/www/vhosts/example.com/outer_includes My scripts are able to include PHP files, using require, include etc from the directory added to PHP's include, so I know that its working perfectly. Problem I have is that if I call a script with HTTPS, I get require_once fatals, as for some reason the includes no longer work. --------------------------------------------------- eg: include_me.php lives in a directory on same level as httpdocs, which has been added to PHP include directories. /var/www/vhosts/example.com/outer_includes/include_me.php script.php contains: <?php require_once('include_me.php'); ?> Calling: http://www.example.com/script.php This works as expected. Calling: https://www.example.com/script.php This fails with fatal on the require_once() --------------------------------------------------- I am self taught and fully expect this to be another hole in my knowledge but I can't seem to fill this one by asking Google. Can anyone advise? Would be very grateful Boreas Edited September 2, 2014 by Boreas Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted September 2, 2014 Share Posted September 2, 2014 There's a simple solution: Stop relying on fragile include paths. Always specify the concrete script that should be included, don't make PHP guess what you mean. Quote Link to comment Share on other sites More sharing options...
Boreas Posted September 2, 2014 Author Share Posted September 2, 2014 (edited) Thanks for the reply, some of the files to be used I was advised to keep out of webroot as they contain some API tokens. I believe I tried to give a 'harder' include path when initially writing this application (its been running for some time before needing any https pages), but failed hence having to add the directory to PHP's include directories. So I could move most of those files back into httpdocs and include problem should go away but according to advice received previously it would still be a good idea to leave the sensitive token files outside of webroot, and include them where necessary - so problem would still exist. Still flummoxed over why https causes any difference. Edited September 2, 2014 by Boreas Quote Link to comment Share on other sites More sharing options...
requinix Posted September 2, 2014 Share Posted September 2, 2014 HTTPS typically uses a different VirtualHost configuration file. You need to make your include_path modifications in both places. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted September 2, 2014 Share Posted September 2, 2014 (edited) So I could move most of those files back into httpdocs and include problem should go away but according to advice received previously it would still be a good idea to leave the sensitive token files outside of webroot, and include them where necessary - so problem would still exist. Not sure if you understood my reply. I'm saying that you should stop relying on PHP to find the scripts for you and instead specify the concrete path. Like so: include '/var/www/my_website/functions/user.php'; Of course you shouldn't literally hard-code the path. You can use the __DIR__ constant to get the absolute path of the script and then go from there: include __DIR__ . '/functions/user.php'; (assuming the calling script resides in /var/www/my_website) Still flummoxed over why https causes any difference. Using HTTPS gives you an entirely separate site which may be different from the HTTP site (different PHP settings, maybe even different content). So it's not too surpring that the behaviour of PHP changes. Since I don't know your exact server setup, I can't tell you the specific reason. But is it even relevant when the entire approach is already a bad idea? Edited September 2, 2014 by Jacques1 Quote Link to comment Share on other sites More sharing options...
Boreas Posted September 2, 2014 Author Share Posted September 2, 2014 Thank you both for your replies requinix: Yes that is probably the problem here, thanks for pointing it out - as a quick fix I will pursue this pending changing the affected scripts. Jacques1: Thank you for the advice. I don't know why but I had it in my mind it was a bad idea to include using _DIR_ but you have shown what I am doing is the bad idea. I will do as you say from now on. Appreciate the input, again I have learned some 'basic' best practices the hard way Many thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.