Jump to content

Recommended Posts

Hi all "im new here" :)
 
Hoping someone can help me with this peculiar problem.
 
I have a vps running Plesk (9.5.4) + PHP 5.3
 
For the domain I am working on, I have specified additional directories to the PHP include_path via vhost conf file.
 
One of those directories is outside of webroot, so is same level as httpdocs.
 

eg:

:/var/www/vhosts/example.com/outer_includes

My scripts are able to include PHP files, using require, include etc from the directory added to PHP's include, so I know that its working perfectly.
 
Problem I have is that if I call a script with HTTPS, I get require_once fatals, as for some reason the includes no longer work.

 

 

---------------------------------------------------

eg:

 

include_me.php lives in a directory on same level as httpdocs, which has been added to PHP include directories.

/var/www/vhosts/example.com/outer_includes/include_me.php

script.php contains:

<?php

require_once('include_me.php');

?>

Calling:

 

http://www.example.com/script.php

 

This works as expected.

 

Calling:

 

https://www.example.com/script.php

 

This fails with fatal on the require_once()

---------------------------------------------------
 
I am self taught and fully expect this to be another hole in my knowledge but I can't seem to fill this one by asking Google.
 
Can anyone advise? Would be very grateful
 
Boreas

Edited by Boreas
Link to comment
https://forums.phpfreaks.com/topic/290807-include_path-vs-https-vs-confused/
Share on other sites

Thanks for the reply, some of the files to be used I was advised to keep out of webroot as they contain some API tokens. I believe I tried to give a 'harder' include path when initially writing this application (its been running for some time before needing any https pages), but failed hence having to add the directory to PHP's include directories.

 

So I could move most of those files back into httpdocs and include problem should go away but according to advice received previously it would still be a good idea to leave the sensitive token files outside of webroot, and include them where necessary - so problem would still exist.

 

Still flummoxed over why https causes any difference.

Edited by Boreas
 

So I could move most of those files back into httpdocs and include problem should go away but according to advice received previously it would still be a good idea to leave the sensitive token files outside of webroot, and include them where necessary - so problem would still exist.

 

 

 

Not sure if you understood my reply. I'm saying that you should stop relying on PHP to find the scripts for you and instead specify the concrete path. Like so:

include '/var/www/my_website/functions/user.php';

Of course you shouldn't literally hard-code the path. You can use the __DIR__ constant to get the absolute path of the script and then go from there:

include __DIR__ . '/functions/user.php';

(assuming the calling script resides in /var/www/my_website)

 

 

 

Still flummoxed over why https causes any difference.

 

Using HTTPS gives you an entirely separate site which may be different from the HTTP site (different PHP settings, maybe even different content). So it's not too surpring that the behaviour of PHP changes.

 

Since I don't know your exact server setup, I can't tell you the specific reason. But is it even relevant when the entire approach is already a bad idea?

Edited by Jacques1

Thank you both for your replies

 

requinix: Yes that is probably the problem here, thanks for pointing it out - as a quick fix I will pursue this pending changing the affected scripts.

 

Jacques1: Thank you for the advice. I don't know why but I had it in my mind it was a bad idea to include using _DIR_ but you have shown what I am doing is the bad idea. I will do as you say from now on. Appreciate the input, again I have learned some 'basic' best practices the hard way

 

Many thanks

 
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.