Apache Friends Support Forum

[sprinkel]

Dear all,

I try to use SSL by using httpdocs. Therfor i need in a php script wich is installed in a httpdoc directory, my class directory wich is installed in a httpsdoc directory.
the code:

function __autoload($class)
{
require_once('https://restricted/classes/' . $class . '.php');
}

gives the error:
Fatal error: require_once() [function.require]: Failed opening required 'https://restricted/classes/session.php' (include_path='.;C:\Program Files\xampp\php\PEAR') in C:\Program Files\xampp\htdocs\golfsite\index.php on line 4

Can anyone give a hint whats wrong?

Kind regards,
Cees

[sprinkel]

As enhencment on my previous port, i also tried:

Code: Select all

function __autoload($class)
{
   require_once('../httpsdocs/restricted/golfsite_classes/' . $class . '.php');
}
session_save_path('../httpsdocs/restricted/sessie_data/');

but that gives:

Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(../httpsdocs/restricted/sessie_data/) is not within the allowed path(s): (/var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs:/tmp) in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 8

Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(../httpsdocs/restricted/golfsite_classes/session.php) is not within the allowed path(s): (/var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs:/tmp) in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

Warning: require_once(../httpsdocs/restricted/golfsite_classes/session.php) [function.require-once]: failed to open stream: Operation not permitted in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

Fatal error: require_once() [function.require]: Failed opening required '../httpsdocs/restricted/golfsite_classes/session.php' (include_path='.:') in /var/www/vhosts/golfresultaten.nl/subdomains/demo/httpdocs/index.php on line 4

A little help is welcome.
regards,
Cees

[JonB]

Ok, I think two things are in play here -

One - vhosts that are not in the same root domain are a problem for https, as I understand things.

Two - similarly - you may have to have your work areas, such as session variables, and tmp files in an area that would fall under secured server root. again only as I understand things...

Think of this from the perspective of 'what would a SSL certificate be expected to envelope?'.

Good Luck

[sprinkel]

Hello JonB,

Thanks for your repley,

I don't understand you quite well, do you mean that the the httpdocs as well as the httpsdocs need their own css, class directory and session_save_path directory?

Thank you in advance.

Cees

[JonB]

the theory of SSL in the HTTP paradigm/protocol is that the elements of a page will all come from 'trustworthy sources', which is what a Certificate guarantees. The Certificate 'encapsulates' a tiny piece of the web and says "I know here this stuff came from" as well as the matter of encryption.

that is the reason that if you are on a HTTPS page and any elements in that page are not within the same root or rule set, you will get a message like "this page contains some insecure elements, do you want to continue?"

the short version of an answer to "do you mean that the the httpdocs as well as the httpsdocs need their own css, class directory and session_save_path directory?" is 'probably yes -- in your case'.

I'm not proposing that I am an expert on SSL, that is why I have several times said "as far as I know'. Commercial entities often spend many thousands of dollars getting their apps up to spec to pass an audit.

You might want to Google "understanding https and ssl" or "apache http and https on same server"

This one looks readable -
http://www.ourshop.com/resources/ssl.html

This forum is really here to support getting XAMPP to work, and while we are happy to answer other questions, Apache Friends is not really a general support forum for all matters http/https/Apache/PHP/Perl whatever... Those questions are best answered in specialist forums - StackOverflow and Daniweb are two good ones. (I belong to both)

Good Luck with your project.