Accessing files outside /home/user_name

mmsweb

Registered
May 3, 2008
3
0
51
Hello,

I would like to know how to set up an account to access files outside of your default folder of files (/home/some_user to access php files in /home/lib_user).

I would like to access libraries that are within a directory outside the user's directory. How to proceed?
Thank you.
 

apokalypse

Registered
Jan 17, 2006
1
0
151
Yes, this works, but the user has access to the source code of the script and I just want him to make a 'include'. Any sugestion???

tanks!
 

jBillu

Member
Oct 21, 2008
17
0
51
Then there are twos of doing it.

> Edit the main php.ini file of the server which is usually placed in /usr/local/lib/php.ini and add the path containing libraries i.e. /home/user_lib to 'include_path' variable. After that restart the apache to take its affect
> Second solution is place a php.ini file in that particular user's account under public_html directory and then apply the above changes i.e. add that library path in 'include_path' variable.

Please make sure 'safe_mode' is also turned Off in php.ini file.

Hope that will help.
 

mmsweb

Registered
May 3, 2008
3
0
51
Then there are twos of doing it.

> Edit the main php.ini file of the server which is usually placed in /usr/local/lib/php.ini and add the path containing libraries i.e. /home/user_lib to 'include_path' variable. After that restart the apache to take its affect
> Second solution is place a php.ini file in that particular user's account under public_html directory and then apply the above changes i.e. add that library path in 'include_path' variable.

Please make sure 'safe_mode' is also turned Off in php.ini file.

Hope that will help.
Hi,

If I put in include_path, the user can access the source code: file (), file_get_contents () .. And this can not happen.
 

mmsweb

Registered
May 3, 2008
3
0
51
If he can include the script, then the source will be retrievable regardless of where the file is located
Yes, but the developer gains access to the source code via include?

I know it is possible to file (), file_get_contents...
 

nickp666

Well-Known Member
Jan 28, 2005
769
2
168
/dev/null
if the file can be included like:
Code:
<?php

include("somescript.php");
Then regardless of where you put it, the user can:

Code:
<?php

file_get_contents("somescript.php");
There is no way around this except disabling the file functions (Which will render most scripts useless), so you might want to consider obfusificating the script instead so that the code is not readable
 
Last edited: