Problems reading and uploading images in external folder (open_basedir)

Hi!
Sorry for my english.
Currently I migrated my sites to i-mscp and all it's ok... but...
I tryed to read and upload with php images from external folder... for example:

Upload

file system path: /var/www/virtual/domain1.com/htdocs/images/

[code=php]
$_SESSION["varfotos"] = "/var/www/virtual/domain1.com/htdocs/";
$ruta = $_SESSION["varfotos"].$_FILES['txtimagen1']['name'];
move_uploaded_file($_FILES['txtimagen1']['tmp_name'], $ruta);
[/php]

read

[code=php]
$_SESSION["varfotos"] = "/var/www/virtual/domain1.com/htdocs/";
$ruta = $_SESSION["varfotos"].$foto1;
if (file_exists($ruta)){
if (!empty($foto1)){ ?>
<img src="/imagen.php?imagen=<?php echo $ruta; ?>&ancho=100&alto=75" />
}
}
[/php]

In the old site all images were in the principal domain, but now in the new server each domain have a ip then I assignend one IP to each domain, however tryed to load or read images launch the error:

Warning: file_exists(): open_basedir restriction in effect. File(/var/www/virtual/domain1.com/htdocs/images/13632653030891.jpg) is not within the allowed path(s): (/var/www/virtual/domain2.com:/usr/share/php:/usr/share/pear) in /var/www/virtual/domain2.com/htdocs/clasificados.php

I configured in admin/settings Value for the open_basedir directive=/var/www/virtual/domain1.com/htdocs/ but not working.

Thank you very much for your help.

rkrdolnx

Quote from kurgans

Te contesto en español por que se que lo hablas,

La directiva open_basedir la tienes que habilitar a nivel de servidor no en la aplicacion php

Buscala aqui
/var/www/fcgi/dominioquesea.tld/php5/php.ini

Requiere reinicio de apache

Display More

Hola,
Acabo de hacer lo que me indicas y ya puede leer las imágenes, sin embargo no puedo hacer upload. Soy un poco nuevo en esto, pero agregué al grupo www-data al usuario del dominio2.com

ls -l /var/www/virtual/
drwx--x--- 10 vu2012 www-data 4096 mar 10 19:19 dominio2.com

cat /etc/group | grep www-data

www-data:x:33:vu2012

Desde este dominio2.com necesito subir las imágenes al dominio dominio1.com (carpeta externa) y di permisos de lectura y escritura al grupo www-data (al que pertenece el dominio2.com), con esto entiendo podrían escribir archivos los miembros del grupo:

# ls -l /var/www/virtual/dominio1.com
total 312
drwxr-xr-x 2 root root 4096 mar 10 18:42 backups
drwxr-x--x 2 vu2010 vu2010 4096 mar 10 18:42 cgi-bin
drwx--x--- 3 root www-data 4096 mar 10 18:42 domain_disable_page
drwx--x--- 3 vu2010 www-data 4096 mar 10 18:42 errors
drwxr-x--x 25 vu2010 www-data 4096 abr 28 2012 htdocs
drwxr-x--- 2 vu2010 vu2010 4096 mar 11 00:00 logs
drwxrwx--- 2 vu2010 vu2010 282624 mar 14 16:16 phptmp

Verifico los permisos de la carpeta imágenes:

# ls -l /var/www/virtual/dominio1.com/htdocs/

drwxrwxr-x 6 vu2010 www-data 10649600 mar 14 16:05 images

Con esto confirmo que los usuarios que pertenezcan al grupo www-data puedan escribir.

¿Hay algo mas que deba tener en cuenta? ¿Es correcto lo que planteo?

Muchas gracias,

At first you should use the realpath function of php
http://php.net/manual/de/function.realpath.php

Next I think it's a permission error. Please post the permission of the image upload path or the processing php file.

Quote from Nuxwin

Hello ;

You are trying to handle files via PHP from user home A that are stored in an user home B, You must note that it's not allowed by default. By design, and more for security reasons, each customer have its own unix user which is used to run PHP. Also i-MSCP sets permissions on each user home to prevent others customer to access files not owned by them. Regarding this, it's better for you to manage domain2.com as domain alias, which should be owned by the domain1.com customer. If you are doing that only to have a dedicated IP per domain, it's better to ask us to allow such thing (It's planned anyway).

About the open_basedir parameter from admin/settings.php

Change on this parameter will have effect only on newly created domains... or after having regenerated all customer conffiles (eg: by running the imscp-setup script).

To finish, I should warn you that with the coming fix for proftpd, the user home permissions will be enforced to protect directories (htdocs, backup, phptmp...) against deletion. If you are breaking these permissions, we will not provide any support.

kurgans: Your note is only valid if you are using the i-MSCP fcgid/fastcgi httpd server implementation. Don't forget that i-MSCP also provides other Httpd server implementation (ITK, PHP-FPM). You can refer to this documentation to learn more about the way i-MSCP manages php.ini files, according the i-MSCP httpd server implementation you are using.

Thanks you for using i-MSCP.

Display More

Hi!
kurgans, Nuxwin Thank you very much! I applied the basics unix perms concepts and all it's ok. Again sorry for my bad english and kurgans gracias por el soporte en español, la edición manual del archivo php.ini fue la solución. Nuxwin thank you very much for your extend explanaition about the open_basedir parameter function.

See you

I think you mean kurgans, I have spoken in english *gg*

Quote from Ninos

I think you mean kurgans, I have spoken in english *gg*

Corrected (y)