Hello people,
It's been a long time since I've asked any techie questions on Usenet but I
am under pressure to finish a project and the following issue has me
stumped. I appreciate that it's a bit long-winded but I'd be much obliged if
anyone could shed any light...
I am currently developing a PHP-based site for a client on IIS. It might be
worth pointing out here that, from a Linux background, I am no expert on IIS
or NTFS permissions.
The site includes an /admin/ folder that I wish to secure with a password.
The contents of this folder includes non-web files that I wish to protect,
so application-level password protection implemented in PHP is not suitable.
To secure the folder at the IIS/NTFS level, I enabled a "WWW Password" in a
web control panel (HCPanel) for the admin folder. Am I right in thinking
that this would probably create an IUSR account on the server, and modify
the admin folder's ACL to restrict access to this account only?
Anyway, this works great for static content and some PHP files, but I have
come across the following issue...
When a PHP file in the protected area (e.g. /admin/index.php) tries to
include() or require() a PHP file outside that protected area (e.g.
/include/config.php), an error occurs:
Warning: main(../include/config.php) [function.main]: failed to create
stream: No such file or directory in
c:\websites\clientusername\clientdomain.com\admin\ index.php on line 3
Fatal error: main() [function.main]: Failed opening required
'../include/config.php' (include_path='.;c:\php4\pear') in
c:\websites\clientusername\clientdomain.com\admin\ index.php on line 3
This occurs only when the admin area is protected; removing the protection
allows the script to run normally. Changing '../include/config.php' to an
absolute path changes the first error to a "Permission Denied" warning.
To me, it's logical that /include/config.php might not be able to include
/admin/index.php as it does not have permissions, but why does the
'priviledged' user /admin/index.php not have access to /include/config.php?
I recognise that there are ways to work around this e.g. creating a copy of
the included files under the admin folder, or resorting to application-level
password protection, but I'd hope that there is a more elegant resolution.
Many thanks,
James Beilby
1  5619 
Hi James,
What version of IIS are you using? What is HCPanel? Plus you are
missing code from this post so we dont know how you are authenticating.
Are you using PHP to send http authentication headers to authenticate
the required IIS permissions? (That is probably what I would do)
Does that user have permissions across all site folders?
My first suggestions would be to check the IIS permissions, IIS 6.0
creates three accounts on the local server when it is initally
installed IUSR, IWAM and WPG.
Only when you apply the permission in IIS, will the folder ACL be
changed (by IIS).
Also, it looks like you are using require(), try include() because it
doesnt halt on error?
Good luck
- Robin
James Beilby wrote: Hello people,
It's been a long time since I've asked any techie questions on Usenet but I
am under pressure to finish a project and the following issue has me
stumped. I appreciate that it's a bit long-winded but I'd be much obliged if
anyone could shed any light...
I am currently developing a PHP-based site for a client on IIS. It might be
worth pointing out here that, from a Linux background, I am no expert on IIS
or NTFS permissions.
The site includes an /admin/ folder that I wish to secure with a password.
The contents of this folder includes non-web files that I wish to protect,
so application-level password protection implemented in PHP is not suitable.
To secure the folder at the IIS/NTFS level, I enabled a "WWW Password" in a
web control panel (HCPanel) for the admin folder. Am I right in thinking
that this would probably create an IUSR account on the server, and modify
the admin folder's ACL to restrict access to this account only?
Anyway, this works great for static content and some PHP files, but I have
come across the following issue...
When a PHP file in the protected area (e.g. /admin/index.php) tries to
include() or require() a PHP file outside that protected area (e.g.
/include/config.php), an error occurs:
Warning: main(../include/config.php) [function.main]: failed to create
stream: No such file or directory in
c:\websites\clientusername\clientdomain.com\admin\ index.php on line 3
Fatal error: main() [function.main]: Failed opening required
'../include/config.php' (include_path='.;c:\php4\pear') in
c:\websites\clientusername\clientdomain.com\admin\ index.php on line 3
This occurs only when the admin area is protected; removing the protection
allows the script to run normally. Changing '../include/config.php' to an
absolute path changes the first error to a "Permission Denied" warning.
To me, it's logical that /include/config.php might not be able to include
/admin/index.php as it does not have permissions, but why does the
'priviledged' user /admin/index.php not have access to /include/config.php?
I recognise that there are ways to work around this e.g. creating a copy of
the included files under the admin folder, or resorting to application-level
password protection, but I'd hope that there is a more elegant resolution.
Many thanks,
James Beilby This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Kim Lots |
last post by:
Hi
Sorry to disturb you again but i really like to know
what's the NTFS folder permissions on a "virtual directory" folder
for a public webserver iis 5.x running ASP 3.0 with an Access DB on a...
|
by: Brad H McCollum |
last post by:
I'm writing an application using VB 6.0 as the front-end GUI, and the
MSDE version of SQL Server as the back-end (it's a program for a
really small # of users --- less then 3-4).
I'm trying to...
|
by: !!! Klutzo !!! |
last post by:
I give permissions for ASPNET on a top level subdirectory.
A windows program copies a file into the subdirectory, however, my web
service cannot access the file because it does not have...
|
by: Jozef |
last post by:
Hello,
Is there a way to change table permissions in VB Code? I can't seem to find
much that's concise in the help file. Here's the situation;
I have a table in the "data" portion of a split...
|
by: none |
last post by:
Hello:
I had a nice php application running on my server here at home, and I
uploaded it to a shared public type server and it started to break all
over the place. It turns out that some...
|
by: MLH |
last post by:
Invalid qualifier error displays at compile time on this A97 example
from Permissions Property HELP. What's wrong with the strContainerName
assignment line? (6th line)
Sub...
|
by: Curt K |
last post by:
We run some web services (IIS 5 and IIS 6) that communicate to a COM out of
process server, which in turn communicates to another out of process COM
server (long story). We have had lots of...
|
by: jporter188 |
last post by:
Hello,
I am working on a project to manipulate XML files. All of the files,
the code, and the output are on network drives. When I run my program
I get an exception (see below). I tried giving...
|
by: palepimp |
last post by:
Hello all,
I have searched far and wide for a solution to my issue. In short, here is the problem:
1. 3 PC's enter data into an Access 2003 database (PC's are running Vista w/ Office 2007...
|
by: DotNetNewbie |
last post by:
Hello,
in my web application, I have to create permissions for each user. So
what I am doing is that for each role (using sqlmembership in .net) I
am creating a column in the database to hold a...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
