
I have a file called connect.php which provides the details to access a MySQL database. It is kept outside of my web directory for security, but I can't get my page to access it using require() or include(). In order to test the cause of this I created a very simple program called Test.php:

<?php
echo "This one works!";
?>

If I place this in my web directory, and call it using:

include('Test.php');

Then it prints the message. If I leave it in the web directory and do an absolute path:

include('/home/eddy/web/html/Test.php');

Then that works too, but if I place it elsewhere and try linking to it:

include('/home/eddy/security/Test.php');

or

include('../../security/Test.php');

Then it does nothing.

echo 'X';
echo include('/home/eddy/security/Test.php');
echo 'Y';

returns 'XY';

I have no error message coming up, I believe the system administrator has turned error warning off for security reasons.

Any ideas?

EddyTheB
  • Remember that PHP is running under the web server's permissions. Just because it read files inside the site's document root doesn't mean it can read files elsewhere. – Marc B Aug 20 '13 at 22:42
  • *"I have no error message coming up, I believe the system administrator has turned error warning off for security reasons."* - can hardly believe so, because you can turn them on again, see: [How to get useful error messages in PHP?](http://stackoverflow.com/q/845021/367456) – hakre Aug 20 '13 at 22:43
  • Is there a way to ensure that it can read files elsewhere? My connect.php file (and my Test.php file) both have read permission for all. – EddyTheB Aug 20 '13 at 22:46

1 Answer

First, try turning on error reporting in the file that does the include by adding this at the top of the PHP file:

ini_set('display_errors',1); 
error_reporting(E_ALL);

Depending on your server configuration it should display the error.

Then, in terms of your issue, you need to check both the ownership and the write/read permissions on the /home/eddy/security/ folder as well as the file /home/eddy/security/Test.php.

What you need to check for is that the folder and file have the same ownership as your normal webroot folder and that the folder and file have read permissions. Assuming that your webserver user is www-data you could try the following:

chown -R www-data:www-data /home/eddy/security
chmod 744 /home/eddy/security
chmod 644 /home/eddy/security/Test.php

What type of web server are you running? From experience, if it's Apache then you can read files outside of the server's default webroot directory so I'm interested to know if either the error reporting and/or the permissions actually solve this issue for you.

justinhartman
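The checks discussed in the comments and the answer (which user PHP runs as, and whether that user can reach and read the file) can be run from PHP itself. The script below is an added example, not code from the question or the answer; the function name explain_include_failure is hypothetical, the target path is the one from the question, and the open_basedir check is an extra assumption about what the host may have configured.

```php
<?php
// Added diagnostic, not code from the thread. Request it through the web
// server so the checks run as the same user that executes include().
// $target is the path from the question; substitute your own.
$target = '/home/eddy/security/Test.php';

function explain_include_failure(string $path): array
{
    $report = [];

    // Who is PHP running as? (needs the posix extension; otherwise unknown)
    $user = function_exists('posix_geteuid')
        ? (posix_getpwuid(posix_geteuid())['name'] ?? (string) posix_geteuid())
        : 'unknown';
    $report[] = "PHP runs as: $user";

    // open_basedir limits include() to the listed path prefixes.
    // Plain prefix comparison: an approximation, PHP also resolves symlinks.
    $basedir = (string) ini_get('open_basedir');
    if ($basedir !== '') {
        $inside = false;
        foreach (explode(PATH_SEPARATOR, $basedir) as $prefix) {
            if ($prefix !== '' && strncmp($path, $prefix, strlen($prefix)) === 0) {
                $inside = true;
            }
        }
        $report[] = "open_basedir = $basedir; target is " . ($inside ? 'inside' : 'OUTSIDE');
    } else {
        $report[] = 'open_basedir is not set';
    }

    // Each parent directory needs the search (x) bit for this user.
    $dir = '';
    foreach (explode('/', trim(dirname($path), '/')) as $part) {
        $dir .= '/' . $part;
        if (!@is_dir($dir) || !@is_executable($dir)) {
            $report[] = "BLOCKED at $dir (missing, or no search permission)";
            return $report;
        }
        $report[] = "ok  $dir";
    }

    // Finally the file itself needs the read bit for this user.
    $report[] = @is_readable($path) ? "ok  $path is readable" : "BLOCKED: $path is not readable";
    return $report;
}

header('Content-Type: text/plain');
echo implode("\n", explain_include_failure($target)), "\n";
```

Delete the script from the web directory once you have the answer, since its output discloses the filesystem layout and the account PHP runs under.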