using a https directory in http

Problems with the Windows version of XAMPP, questions, comments, and anything related.

using a https directory in http

Postby sprinkel » 15. February 2012 13:07

Dear all,

I try to use SSL by using httpdocs. Therfor i need in a php script wich is installed in a httpdoc directory, my class directory wich is installed in a httpsdoc directory.
the code:

function __autoload($class)
{
require_once('https://restricted/classes/' . $class . '.php');
}

gives the error:
Fatal error: require_once() [function.require]: Failed opening required 'https://restricted/classes/session.php' (include_path='.;C:\Program Files\xampp\php\PEAR') in C:\Program Files\xampp\htdocs\golfsite\index.php on line 4

Can anyone give a hint whats wrong?

Kind regards,
Cees
sprinkel
 
Posts: 16
Joined: 29. August 2009 01:38
Location: Netherlands
Operating System: Windows Vista

Re: using a https directory in http

Postby sprinkel » 15. February 2012 13:35

As enhencment on my previous port, i also tried:
Code: Select all
function __autoload($class)
{
   require_once('../httpsdocs/restricted/golfsite_classes/' . $class . '.php');
}
session_save_path('../httpsdocs/restricted/sessie_data/');


but that gives:

Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(../httpsdocs/restricted/sessie_data/) is not within the allowed path(s): (/var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs:/tmp) in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 8

Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(../httpsdocs/restricted/golfsite_classes/session.php) is not within the allowed path(s): (/var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs:/tmp) in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

Warning: require_once(../httpsdocs/restricted/golfsite_classes/session.php) [function.require-once]: failed to open stream: Operation not permitted in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

Fatal error: require_once() [function.require]: Failed opening required '../httpsdocs/restricted/golfsite_classes/session.php' (include_path='.:') in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

A little help is welcome.
regards,
Cees
sprinkel
 
Posts: 16
Joined: 29. August 2009 01:38
Location: Netherlands
Operating System: Windows Vista

Re: using a https directory in http

Postby JonB » 16. February 2012 01:15

Ok, I think two things are in play here -

One - vhosts that are not in the same root domain are a problem for https, as I understand things.

Two - similarly - you may have to have your work areas, such as session variables, and tmp files in an area that would fall under secured server root. again only as I understand things...

Think of this from the perspective of 'what would a SSL certificate be expected to envelope?'.

Good Luck
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: using a https directory in http

Postby sprinkel » 16. February 2012 15:06

Hello JonB,

Thanks for your repley,

I don't understand you quite well, do you mean that the the httpdocs as well as the httpsdocs need their own css, class directory and session_save_path directory?

Thank you in advance.

Cees
sprinkel
 
Posts: 16
Joined: 29. August 2009 01:38
Location: Netherlands
Operating System: Windows Vista

Re: using a https directory in http

Postby JonB » 16. February 2012 16:31

the theory of SSL in the HTTP paradigm/protocol is that the elements of a page will all come from 'trustworthy sources', which is what a Certificate guarantees. The Certificate 'encapsulates' a tiny piece of the web and says "I know here this stuff came from" as well as the matter of encryption.

that is the reason that if you are on a HTTPS page and any elements in that page are not within the same root or rule set, you will get a message like "this page contains some insecure elements, do you want to continue?"

the short version of an answer to "do you mean that the the httpdocs as well as the httpsdocs need their own css, class directory and session_save_path directory?" is 'probably yes -- in your case'.

I'm not proposing that I am an expert on SSL, that is why I have several times said "as far as I know'. Commercial entities often spend many thousands of dollars getting their apps up to spec to pass an audit.

You might want to Google "understanding https and ssl" or "apache http and https on same server"

This one looks readable - :)
http://www.ourshop.com/resources/ssl.html

This forum is really here to support getting XAMPP to work, and while we are happy to answer other questions, Apache Friends is not really a general support forum for all matters http/https/Apache/PHP/Perl whatever... Those questions are best answered in specialist forums - StackOverflow and Daniweb are two good ones. (I belong to both)

Good Luck with your project.
8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 66 guests