Access Above Root Directory

[rskinner]

I'm very new here so please be delicate with your replies. Haha.

 

I'm running MAC and have set up all setting to run a server local on my machine i.e. Virtual Host, Apache and PHP5.

 

The problem I'm having is this....I've create a directory for my current project the main directory being httpdocs, I then place all the important docs outside this directory - usernames and passwords for MySQL and so forth - however when I go to include these files using and 'include' I get the following error...

 

Warning: include(../_conf/conf.ini.php) [function.include]: failed to open stream: No such file or directory in /Users/name/Sites/www.mysite.com/httpdocs/index.php on line 2

 

Warning: include() [function.include]: Failed opening '../_conf/conf.ini.php' for inclusion (include_path='.:') in /Users/name/Sites/www.mysite.com/httpdocs/index.php on line 2

 

Now correct me if I'm wrong but I'm sure PHP can access above root to gain access to important information and keeping these docs away from browser view for security?

 

I'll be very grateful for any help given.

 

R Skinner.

 

[xyph]

Try using an absolute URL.

 

/Users/name/Sites/www.mysite.com/_conf/conf.ini.php

 

If this still won't work, it may be a permissions issue.

[rskinner]

Absolute still doesn't work. Was one of the first things of many things I tried.

 

I've tried to set permissions but from my limited knowledge on permissions it doesn't work. Could you please shine some light on permissions and how to set them up?

 

Thanks for your reply.

[xyph]

And if you use Go->Go To Folder on OSX, and paste that folder, it finds it fine?

 

Open up your activity monitor, check the web server process, and see what user it's running under. Make sure that user has permissions for that given folder. If I remember OSX correctly, you right click on the folder, select 'Get Info' and it's in there.

[PFMaBiSmAd]

The error message for a permission problem would indicate that it is a permission problem.

 

Are you sure about the spelling and capitalization of the path and the file you are trying to include?

[xyph]

I've seen cases where files "don't" exist due to the user running the process not having access to a list.

 

It's rare, but you should still weed it out.

[rskinner]

Spelling and everything is fine.

 

My webserver on Activity Monitor has many processes one has a user of root and the rest have _www.

 

Would be anything to do with how I've set up permissions on virtual host?

[xyph]

Potentially. It's hard to weed out issues directly related to your file system.

 

Try creating a script in httpdocs with the following code:

 

<?php 

$path = '../_test';
$file = 'tmp_'.time().'.txt';

if( !file_exists($path) ) {
if( mkdir($path, 0766 ) ) echo $path.' created<br>';
else die( $path.' could not be created.' );
} else echo $path.' already exists<br>';

if( !file_exists($path.'/'.$file) ) {
if( ($handle = fopen($path.'/'.$file,'w')) !== FALSE ) {
	echo $file.' created in '.$path.'<br>';
	if( fwrite($handle, 'test') === FALSE ) echo 'Unable to write to '.$file.' in '.$path;
	else echo $file.' in '.$path.' written successfully';
} else die( $file.' could not be created in '.$path );
} else {
echo $file.' exists in '.$path.'<br>';
if( ($handle = fopen($path.'/'.$file,'w')) !== FALSE ) {
	echo $file.' opened for writing in '.$path.'<br>';
	if( fwrite($handle, 'test') === FALSE ) echo 'Unable to write to '.$file.' in '.$path;
	else echo $file.' in '.$path.' written successfully';
} else die( $file.' could not be opened in '.$path );
}

?>