When attempting to access a file in PHP, the script will yield a warning similar to:<\/p>\n
Warning<\/b>: fopen(): open_basedir restriction in effect. File(\/var\/www\/myresource) is not within the allowed path(s): \r\n(\/home\/virtual\/site2\/fst:\/var\/www\/html:\/usr\/local:\/usr\/bin:\/usr\/sbin:\/etc:\/tmp:\/proc:\/dev:\/.socket) in \/home\/virtual\/site2\/fst\/var\/www\/html\/myfile.php<\/b> on line 3<\/b><\/pre>\nCause<\/h2>\n
This is caused by mistakenly referencing a path within a pivot root inconsistent with PHP.\u00a0PHP runs with a separate filesystem visibility for high-throughput performance, whereas FTP and control panel access require\u00a0low-throughput, but heightened security. PHP implements\u00a0a different security subsystem and different access rights.<\/p>\n
Solution<\/h2>\n
Prepend the\u00a0HTTP Base Prefix<\/em> value taken from the control panel<\/a> under\u00a0Account<\/strong> >\u00a0Summary<\/strong> >\u00a0Web<\/strong>. For example, the following PHP snippet would be corrected as follows:<\/p>\n
<?php\r\n \/\/ INCORRECT\r\n \/\/ Will yield open_basedir warning\r\n $key = file_get_contents(\"\/var\/www\/secret.hash\");\r\n \/\/ CORRECT\r\n $key = file_get_contents(\"\/home\/virtual\/site12\/fst\/var\/www\/secret.hash\");\r\n?><\/code><\/pre>\nFor convenience, the web server will populate an environment variable named
SITE_ROOT<\/code> that contains the value of HTTP Base Prefix<\/em>. A better example would be:<\/p>\n<?php\r\n $key = file_get_contents($_SERVER['SITE_ROOT'] . \"\/var\/www\/secret.hash\");\r\n \/\/ do whatever, $key works!\r\n?><\/code><\/pre>\nJust don’t forget too that PHP requires special\u00a0permissions<\/a> for write\u00a0access!<\/p>\n
See Also<\/h2>\n