Hey All,

I've got a Duron 1GHz box with Plesk and a lot of problems .

One of the MAJOR problem's I've run into is a php (4.2) open_basedir error while trying to include() files above the base directory. For example:

thescript.php attempts to include content/thefile.txt and cries like a baby because of the open_basedir error.

Apparently a lot of people have run into this over on the Plesk forums (http://forum.plesk.com/search.php?action=s...rder=descending) - though none of the methods people post there seem to work.

And - both RackShack and Plesk have posted answers to my exact question (http://rackshack.net/support/plesk/psa20/php.asp, http://www.plesk.com/html/support/faq/psa20/php.htm)...which...of course don't work for me .

So....here I am now, asking anyone and everyone for help. I've been trying to fix this problem for weeks, but have been extremely unsuccessful.

Any help is a appreciated! Thanks in advance!

- Matt

It's a default security setting in Plesk that prevents clients calling files above their home directories.

You can disable this for a particular domain but if this is for a client on your server I would strongly advise against it as you would simply be allowing them to access any file on your server (and even other clients accounts).

To disable safe_mode and open_basedir for a particular domain, SSH to the conf directory for a domain e.g. /usr/local/psa/home/vhosts/domain.com/conf

and type pico vhost.conf [enter]



Then simple save and exit (I think you may have to reset Apache too).

Thanks a million Rich! It got rid of the error! You've saved me from another three weeks of agony!

Although, now it seems it's that I have yet another problem (that I couldn't see before because of the open_basedir error) where it will not read $QUERY_STRING data. I threw up a simple script that echos the value of $QUERY_STRING and it returns empty every time (no matter what the variable I send through the url is).

My problem now is that I don't know whether this a PHP problem or an Apache problem. Any ideas?

Thanks for your help!

- Matt

Ok - now it's getting freaky:

echo ($HTTP_SERVER_VARS['QUERY_STRING']));

will echo the query string properly.

echo $QUERY_STRING;

won't echo anything.

Meaning, it's a PHP problem...for some reason it doesn't want me to use the shorten variables. Weird...Any ideas?

EDIT: Apparently, this is happening with all shortened variables, they need to be called through their array, rather than just as a single variable.

Thanks!

- Matt

Make sure you have register_globals on in your php.ini file.

Hey Grybo - tried it - it works!

Thanks a million guys!

- Matt

A note about this, in PHP 4.2.0 and above they changed the default settings for environment variables

In PHP 4.2.0 and later, the default set of predefined variables which are available in the global scope has changed. Individual input and server variables are by default no longer placed directly into the global scope; rather, they are placed into superglobal arrays.

You can still force the old behaviour by setting register_globals to 'On' in your php.ini file.

They changed this because in the old method is was possible to exploit security holes on the global variables

Details are at http://www.php.net/manual/en/language.vari....predefined.php

You shouldn't be using 4.2.0 . Use 4.2.1 or 4.1.2

I'm using 4.1.2,

However a quick question for those using 4.2.1 will it react in the same way was 4.1.2 simply by enabling 'register_globals' in php.ini

Thus upgrading will not 'break' any php scripts because of the global variables.