User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > PHP/Drupal Issues


PHP/Drupal Issues




Posted by sinthetix, 02-04-2011, 07:26 AM
Hey everyone, I've been searching and searching the web for a few days now. I recently dropped Joomla 1.6 and decided to go with Drupal because it is just easier to work with to me. Here is the problem though. When I was working with Joomla and now working with Drupal I keep getting consistent errors about "open_basedir restriction is in effect" and also "Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(temporary://samplefile.zip) is not within the allowed path(s): (C:/mycp/hostdata/admin/mydomain_com) in file_save_upload() (line 1528 of C:\mycp\hostdata\admin\mydomain_com\includes\file.inc). File upload error. Could not move uploaded file.". I'm not sure what to do about this. I have searched everything from PHP manuals to drupal help sites and everything in between. My setup is a home web server, static ip, dns is correct, drupal installed just fine(it did tell me errors about the above mentioned however but it still works flawlessly until I attempt to install a theme or module), my control panel works fine, everything except for this error. This had lead me to believe that this is an error in php.ini the only thing is that I am not sure what to do or what to edit exactly. Can anyone help me?
Posted by EMBRobert, 02-04-2011, 08:55 AM
What does your php.ini say about: open_basedir
Posted by sinthetix, 02-04-2011, 09:23 AM
It essentially just says that. I have tried it uncommented and commented out and neither fixes the issue. There is no variable set for it or anything after it, no file paths, etc. Currently it is commented out.
Posted by EMBRobert, 02-04-2011, 09:25 AM
Are you using a control panel? Try looking in your http conf.
Posted by sinthetix, 02-04-2011, 09:29 AM
I am using ''Zpanel'' and they told me to just edit this option out of my vhost.config file but they also told me it could lead to security issues.
Posted by sinthetix, 02-04-2011, 09:32 AM
This is the exact error I get when I attempt to install a module or theme into Drupal 7. Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(temporary://superfish-7.x-1.8-alpha5.zip) is not within the allowed path(s): (C:/ZPanel/hostdata/zadmin/sinthetik-industries_com) in file_save_upload() (line 1528 of C:\ZPanel\hostdata\zadmin\sinthetik-industries_com\includes\file.inc). File upload error. Could not move uploaded file. I also had similar issues when I had Joomla. It all has to do with permissions, temp folders, and this base directory crap. So I know it is not Drupal, rather something wrong with my configuration.
Posted by EMBRobert, 02-04-2011, 09:38 AM
I would look for your tmp file setting or remove the openbase since this a home installation.
Posted by sinthetix, 02-04-2011, 09:48 AM
What do you mean my temp file setting? It was correct on Joomla, but I am not 100 percent sure on Drupal. But the problem persisted between both of them. I am sure that the folder has readable, writable, etc. This is a home web server, but I am going to be hosting people's web sites trying to run a business from home. If I were to remove this from the configuration file for vhosts wouldn't it make a security issue? I'm just a little weary about doing that because I don't think Drupal would put something out and thousands of web sites, both ecommerce and not ecommerce, wouldn't be setting their configuration to be susceptible to security risks, simply to use a CMS like Drupal or Joomla.
Posted by Driver01, 02-04-2011, 10:24 AM
Try removing the tmp directory where its trying to save and renew it manually using ftp or your control panel and give appropriate permissions.
Posted by Driver01, 02-04-2011, 11:52 AM
Did you restart the web server?
Posted by sinthetix, 02-04-2011, 12:58 PM
I stopped apache server, edited the httpd-vhost.config file to comment out the base_dir line and it would not start again. I changed it back and started apache, no errors. It started just fine.
Posted by Driver01, 02-04-2011, 01:22 PM
Try add this line to the http_conf and restart: php_admin_value open_basedir none This may work but you will need to review these settings when you start allowing shared hosting. Last edited by Driver01; 02-04-2011 at 01:30 PM.
Posted by Driver01, 02-04-2011, 01:39 PM
QUOTE=Driver01;7263809]Try add this line to the http_conf and restart: php_admin_value open_basedir none
Posted by sinthetix, 02-05-2011, 12:00 AM
Okay, so I completely took the line of code out of my httpd-vhosts.config file instead of just ''commenting'' the line of code out. Results? Drupal is now working properly and I can now install themes/modules etc. My only issue now is security. I've been told that taking my base directory value out can lead to security issues on my web server here at home and seeing as how I am trying to run a web hosting/design business.... Yeah. Does anyone know what kind of security issue this can have on my server by removing this line from my configuration file and is there any sort of work around that won't screw up other things? I think that if I put the line of code back in that other things in Drupal won't work correctly here and there like uploading pictures and what not which basically ruins the free flowing CMS. I basically don't want to have to continually take the line in and out of the file or leave it out completely at the risk of security without some type of other work around in place to compensate for the security vuln now made by this. If this makes any sense at all? Any and all previous and future help is GREATLY appreciated fellow webbers.
Posted by babaluda, 02-05-2011, 12:11 AM
hi the security issue is that if any hacker is able to upload any file to your upload directory, they will be able to move to all files and folders on your server other than your main document root, which will exposes your entire server file structure and hacker can begin to tamper with files if your server level security is not tight enough. Drupal can work with open base directory restriction enabled. It is that you need to have your tmp directory in the allowed path to make it work.
Posted by Driver01, 02-05-2011, 07:08 AM
The examples above were given for you to find the issue, now that you know why you should be able to fix it, you need to look at setting the option to your needs and before you allow access to the server review all the security options, security on your server is not a one-time set-up and go but a constant evaulation of updates and reviews, if this is your bread and butter then the security here should be your very first intention. Good Luck!


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
QC Xeon X3220 vs QC Xeon 5320 - which is better? Dell upgraded mine to 5320 (Views: 763)
I'm a programming noob, how can I practice C? (Views: 637)
Ip rotation In sendmail.. (Views: 689)
Dedicated IP not working? (Views: 620)
k-disk.net - NO SUPPORT since 3 Days ! (Views: 706)

Language:

Our Services

Client Menu

Legal

+1 512-782-9732

Find any answers
you need...



  • PCI Secure
  • Verefied by VISA
  • MasterCard SecureCode

    • Terms of Service | Privacy Policy | FAQs | Affiliates | Email
    Copyright © 2015 BraginHos / CHS Gateway inc. - All Rights Reserved.
    Our address: CHS GATEWAY INC c/o Regus Offices, 2598 E. Sunrise Blvd Ste 2104, Fort Lauderdale, Florida 33304, contact phone number: (+1) 512-782-9732, email: support@chsgatewayinc.com