-1

Ι want to include a file outside from public_html in php.

I placed a file outside from public_html and tried to include this file, to a file that exists to public_html/myDirectory.

I tried this include '../../myFile.php'; but it's not working.

Where am i wrong ?

Thanks for any help.

jeriko
  • 5
  • 4
  • In what way does it fail? Is there an error? Unexpected output? Something else? – David Jun 29 '20 at 17:57
  • Where _exactly_ is this file located? – ADyson Jun 29 '20 at 17:58
  • myFile.php/public-html/ is the file that i want to include into public_html/myDirectory/MyFile.php – jeriko Jun 29 '20 at 17:59
  • David is about mysql connection , i have this file outside from public_html with username and password – jeriko Jun 29 '20 at 18:02
  • 1
    @jeriko, if the error you see is mysql connection error, there is no problem with the inclusion itself. – noam Jun 29 '20 at 18:09
  • i think that with this code does not include myFile.php .The error that i get is "Failed to connect to MySQL: Access denied for user ''@'localhost' (using password: NO)"Into myFile.php i have password and username. – jeriko Jun 29 '20 at 18:12
  • jeriko, you need to do some further testing to see if the myFile.php is working properly. For example, add echo and/or debug statement in myFile.php and see if you can see the results. – kojow7 Jun 29 '20 at 18:17
  • At public_html i have the same file.And when i include this file into public_html/myDirectory/MyFile.php with this code include '../myFile.php'; i get no errors – jeriko Jun 29 '20 at 18:18
  • @jeriko: The `include` operation makes no attempt to connect to a database. If the error is that the code is failing to connect to the database, then the error is not on the `include` line. Wherever you're trying to connect to a database, that's where the problem is occurring. – David Jun 29 '20 at 18:18
  • jeriko, do you correct permissions on the myFile.php? – kojow7 Jun 29 '20 at 18:21
  • 1
    Also, what happens if you change `include` to `require_once`? – kojow7 Jun 29 '20 at 18:23
  • perm 777.The code that is working - > https://pastebin.com/J7sL8vhb - When i try with ../ it's ok.The problem exists when i include the file with password and username which is outside public_html with this ../../ – jeriko Jun 29 '20 at 18:42
  • so you think it's not finding the correct username and password? As kojow says, change include to require_once and see if you get an error. Also, the include could be working fine, but maybe the way you define the variables isn't, or something. hard to know without seeing that version of the code. BTW there's no need to paste code on other sites. Your question has an "edit" button, so you can use that to update your post with code, and you can use the [formatting tools](https://stackoverflow.com/help/formatting) to make it readable and neat. – ADyson Jun 29 '20 at 18:48
  • ADyson, it is finding the correct username and password when i include the file that is into public_html folder.When i include the file that is outside from public_html folder it returns "Error: Unable to connect to MySQL. Debugging errno: 1045 Debugging error: Access denied for user ''@'localhost' (using password: NO)".The file that i want to include outside from public_html and the file i include from public_html are exactly the same. – jeriko Jun 29 '20 at 18:56
  • As requested, did you change `include` to `require_once`, to check if it errors when you require the file (as opposed to just making it optional)? Please give a clear answer to that, it might be significant. The trouble with `include` is that it won't actually cause your script to fail if it can't find or open the file – ADyson Jun 29 '20 at 19:33
  • require_once returns HTTP ERROR 500 – jeriko Jun 29 '20 at 19:44
  • 500 Internal Server Error is a generic error message informing you that the server crashed while processing the request. Beyond that, it's meaningless, and is of very little use for debugging. You need to check the error logs on the server to try and find the underlying exception message. Once you've got that, you stand a chance of identifying the real problem. (Obviously, for that to work, you need to have configured PHP to log errors to a file. Here's a guide to doing that if you need one: https://stackify.com/php-error-logs-guide/) – ADyson Jun 29 '20 at 19:54
  • @ADyson here it is Warning: require_once(): open_basedir restriction in effect. File(/home/user/db.php) is not within the allowed path(s): (/home/user/public_html:/tmp:/opt/cpanel/ea-php72/root/usr/share/pear:/var/cpanel/php/sessions/ea-php72) in /home/user/public_html/customers/login.php on line 4 Warning: require_once(/home/user/db.php): failed to open stream: Operation not permitted in /home/user/public_html/customers/login.php on line 4 – jeriko Jun 29 '20 at 20:06
  • Well there you go then. PHP is not allowed to open that file because it's outside the permitted area. Do you know what open_basedir does? If not, see https://www.php.net/manual/en/ini.core.php#ini.open-basedir . So you'll need to change this setting before it can work. – ADyson Jun 29 '20 at 20:07
  • But...why is it such a big deal? Moving the DB username and password outside public_html doesn't, by itself, make it more secure. (And the fact you've given it 777 permissions makes it less secure really.) No user of the website can ever see that data because it's in a .php file, and the source code will never be shown to them. If you really want to secure the password outside your code (which is still sensible for other reasons), then see https://stackoverflow.com/questions/97984/how-to-secure-database-passwords-in-php – ADyson Jun 29 '20 at 20:10

2 Answers2

-1

Use full fledged path like.

include("/home/hostusername/myFile.php");

Replace hostname with your hostusername.

Keral Patel
  • 329
  • 2
  • 11
  • This is not very practical for sites which can be deployed into different locations in different environments. Relative paths solve that problem. So this solution solves one problem but just creates another one instead. – ADyson Jun 29 '20 at 19:31
  • Agreed it is not practical but without knowing full structure of his file system this is best I could come up with. Others have already suggested ../ and that is not working for the OP as he stated. – Keral Patel Jun 29 '20 at 19:37
  • Well that means either the path is wrong (easy enough to correct if we knew the real path) or maybe actually the use of `include` (instead of `require`) is obscuring something like a permissions issue. We need to actually solve the underlying problem rather than proposing what is effectively a workaround which, as I've already said, creates other problems instead. – ADyson Jun 29 '20 at 19:39
  • And I am waiting for the OP's full response to my questions before I can give a solution, because (as I hinted in my comment above) we do not yet possess all the necessary information :-) – ADyson Jun 29 '20 at 19:52
  • If you check the latest comments on the main thread of the question now, you can see what the underlying issue turned out to be... :-) – ADyson Jun 29 '20 at 20:12
  • Agreed. Looks like getting full info out from someone is the key. I know always more than one angle involved. – Keral Patel Jun 30 '20 at 03:26
-1

/ is absolute system path to get your directory name use

echo $_SERVER['DOCUMENT_ROOT'];

where your file position the first folder use / only

include '/myfile.php';

The 2nd directory use file name

 include '/filename/myfile.php';

other wise use curl or file get

file_get_contents("/myfile.php"); //http://yoururl.com/myfile.php

update your main code include alternate

Berlik Tradingplc
  • 86
  • 9
  • 1
    It seems pretty clear from the question that the file is _outside_ the normal document root. In fact, that's the entire point of the question... – ADyson Jun 29 '20 at 19:54
  • Thanks for the edit, but not sure how this update would help? It would be great if you explained it for everyone's benefit. As far as I can see now you're just proposing a hard-coded path which creates as many problems as it solves (particularly when deploying the site to different locations). Anyway have you been reading the comments above? The path itself not the issue, it's the permissions to that path. – ADyson Jun 29 '20 at 20:11
  • Thanks for the further edit. But none of these help to deal with relative paths above the current one. And again, if you read the comments, this has nothing to do with the real problem anyway. – ADyson Jun 29 '20 at 20:16
  • file_get_contents will return the source code as a string but it won't include it in the current script as executable code in the way that `include` or `require` does. And the example you've given still using hard-coded instead of relative paths. So it won't achieve what the OP wants. And even if it did, it still doesn't get round the permissions issue being discussed in the comments on the main question thread. – ADyson Jun 29 '20 at 20:24